11 Tips For Teaching Your Company’s Employees Good Cybersecurity Habits

Expert Panel, Forbes Technology Council

While investing in solid hardware and software is important, even the best systems have a common point of vulnerability: the users. It’s vital for companies to train their employees in good cybersecurity habits, and that’s a task that often falls to the tech department.

So how can companies encourage good cybersecurity habits? We asked 11 Forbes Technology Council experts to share their best suggestions.

1. Give Them Ownership

Employees often believe that securing information is the IT department’s job, so they often do not take ownership of the process. Establishing a sense of ownership and collaboration toward information protection among the employee population—essentially deputizing them into the information security program—will encourage and empower them to contribute to the protection of company assets. – Saryu Nayyar, Gurucul

2. Make It Personal

Businesses need to teach employees about how their personal life is often compromised by hackers to access their corporate life. Hackers know that people use apps for personal and professional communication. Employees need to understand that they broadcast their psychology to the public, so they need to be vigilant about what they share on apps, who they connect with and what links they click. – Otavio Freire, SafeGuard Cyber

3. Resist ‘Autopilot’ Mode

Many cybersecurity breaches rely on people’s predictable behavior, such as opening the door to let people in (tailgating) or clicking on a link from a trusted contact. AIs and bots can also replicate real people’s style of messaging, so an employee cannot stay on autopilot. An attentive employee will identify red flags—tailgating or emails with typos and bizarre links—and report them to IT. – Arnie Gordon, Arlyn Scales

4. Constantly Educate

Considering today’s technology landscape, the number of mediums to receive and transmit data is seemingly endless. End users need consistent and constant education on good cyber hygiene: specifically, paying attention to email headers to see if they match the actual sender and not clicking on unknown links, attachments or ‘ads’ that seem legitimate. Awareness is vital! – Maria Mast, Management and Network Services, LLC

5. Verify Information Requests And Keep Apps Up To Date

A tip that we stress is verifying requests for private information and keeping apps up to date. Many times an old version of an app contains a loophole that can be taken advantage of by those seeking to infiltrate your system. This goes hand-in-hand with verification of private info. These simple habits can increase your security in an efficient and cost-effective manner. – Alexandro Pando, Xyrupt Technologies

6. Focus On Strong Passwords

Password best practices should be priority No. 1. While birthdays are easy to remember, they are easy to hack. Passwords should be made up of random letters, numbers and symbols, if allowed, and never repeated for multiple accounts. The KISS (keep it simple stupid) strategy does not apply here—the opposite is in fact ideal. – Don Boxley, DH2i

7. Reinforce Through Explanation

A comprehensive education system needs to be established for new hires, then regularly updated. It’s no use to tell an employee to do something—you need to explain why it is vital. Make use of other companies’ shortcomings as examples, and do what you can to motivate employees to be supportive of your product(s), making them more likely to adhere to safety protocols. – Artem Petrov, Reinvently

8. Make Lessons Relevant

Oftentimes, online-based compliance training is too boring, too full of jargon or too abstract. I like to show examples—scrubbed of personal details, of course—of actual infection vectors that users within the company have fallen for. Now, instead of a lame nonsensical example from the mostly ignored Web training, users report phishing and malicious ads, noting, “I remember seeing this before.” – Doug Shepherd, Nisos

9. Encourage Verifications

Build a culture of verification. If you get an email from your boss asking you to change her bank information immediately, verify it with her. If it’s in the culture, your boss will not get annoyed at verifications of this sort. Hence, it will encourage employees to verify things more often. Injecting it into the company culture is the important part. Otherwise, this verification process will fade away. – Vikram Joshi, pulsd

10. Detail How To Identify Attacks

Phishing uses impersonation and other deceitful tactics to trick users into surrendering credentials or access to their accounts. Malicious parties can then bypass traditional defenses and steal corporate data through what appears to be legitimate data access. Consequently, employees must be shown how to identify the signs of phishing, including strange email domains, typos and communications. – Rich Campagna, Bitglass

11. Conduct Phishing Tests After Training

We conduct quarterly training sessions (usually short videos with a quiz) and phishing tests. The phishing tests are crafted to look like real emails, and we can see the metrics on any opens or clicks. We know this is helping because clicks on test email links have gone way down. We recently had a penetration test at our firm, and the vendor was unable to get any clicks on his payload emails. – John Sanborn, RAA
