CYBERCRIME CONTINUES TO GROW
Phishing, vishing, ransomware, insider threats…every single week, we all hear about a data breach or information leak. The fact is, cybercrime continues to reach new limits every single year. And these types of threats can hit anyone at any given time because every business in Dayton is one click away from malware taking down its systems.
We all like to think our staff is aware of the dangers lurking within email links, but that’s rarely the case. In fact, 90% of all data breaches start with employee negligence through phishing attacks. The number of attacks will only go up as cybercriminals continue evolving their attacks with advancing technologies.
INFORMATION SECURITY TRAINING IS ESSENTIAL FOR ALL DAYTON BUSINESSES
While the goal is to create an infrastructure impermeable to all possible attacks, that is rarely achievable. The truth is, if hardware or software programs could stop all cyber-attacks, then we would never see massive ransomware attacks hitting Fortune 500 companies. You should definitely continue investing in that infrastructure, but it’s also important to invest in your greatest asset…the staff. Staff information security training is one of the best things any Ohio business can do to secure company and customer data.
Human error is typically the key behind most successful cyberattacks, but less than 50% of employees actually receive training from their employers. That is a disheartening statistic when, according to the FTC, staff training should be one of the basic cybersecurity measures for all companies.
EFFECTIVE TRAINING DOESN’T HAVE TO BE DIFFICULT
Cybersecurity and information security training is an essential investment, one that every Dayton business should pursue, but very few companies have the resources and time to create an engaging and effective program. That brings us to our top 4 suggestions for effectively re-defining your information security training program:
- Keep your lessons brief. Very few people want to add lengthy training sessions to an already busy work schedule. We have all been in day-long training courses that we mentally checked out of after an hour. That’s really not anyone’s fault; our brains can only process so much at a time. The goal here is to keep each training session brief, focusing on one to two topics. Let the staff learn something quickly, quiz them on what they learned to ensure the information stuck, and then move on for the day.
- Frequent lessons are the key. Think of your brain as more of a muscle than an organ. Just like developing any muscle in your body, frequent exercises over time are way more productive than one long and intense training session. When training staff on information security, there are dozens of areas you can discuss, which makes this part easier than you may think. Take your top 10-12 topics, plan out 1 short lesson each month, and over the span of a year, all of the topics will be covered.
- Let’s have fun. Keeping the staff engaged is the only way they will retain information long term. This can be hard to do but gets easier with practice. There are dozens of games and exercises online that can help with making a lesson fun for the staff. Also, try adding animated or comedic videos into your training to make your staff laugh. Going back to the first pointer, if you keep the lesson brief, making it fun throughout also becomes easier.
- Always focus on the Phish. Phishing continues to dominate the cybercrime arena, and social engineers continue to find more elaborate ways to trick us into giving up information or opening the doors to our information systems. A training program that consistently discusses things to watch out for in emails and provides examples of recent phishing attacks is essential in helping your staff develop those Phish-Finding habits.