Cyber Security Best IT Practices IT Support & Services

Importance of Employee Security Training

Bill Kimbler
Bill Kimbler
CW Technology - Employee Security Training

In today’s day and age, when it comes to securing your company network, you must think beyond technology. Relying on firewalls, anti-virus software, and secure remote connections, such as VPNs, is simply not enough anymore…

Why? Even with all these tools and services in place (and possibly more), you are only 50% protected, at best… Yes, these products and solutions protect your network from being attacked externally. BUT! These products and solutions do not prevent cyber criminals hacking into your system internally.

Why? Because the actions of your employees and those that use your network infrastructure are the greatest risk to your network.

That’s right! It’s not external threats, like economic changes or natural disasters, that are the root cause for cyber security attack. It’s internal threats, or better known as insider threats: it’s your employees!

Employees Are Your Weakest Security Link

You might think, “Employees are smart and trusted individuals, and know how to safely use the Internet.” True, but a single mistake, such as interacting with a phishing scam or sharing personally identifiable information (PII), is all it takes.

You might think, “Well, not all employees have access to an organization’s sensitive and confidential data.” That may be so, but that doesn’t mean they still can’t accidently misuse the organization’s information or install illegitimate software. What’s more is employees with low levels of security are even bigger and easier targets for cyber criminals.

You might think, “Okay, but there are many large businesses with sufficient money, resources, and exceptional cyber security protection, so their employees aren’t a risk at all.” All organizations – no matter size, shape, or industry – are at risk to cyber security attacks, and especially those caused by their very own employees. In fact, there are countless examples of sizable, successful companies whose cyber security attacks are caused by insider attacks. Just last year in 2020, Amazon, Twitter, and Tesla, to name a few, were those some of those companies…

Let’s Talk Statistics

Frightening information, disturbing numbers, and sadly enough, not a whole lot of good news to expect from the coming future. That is… if organizations don’t start taking cybersecurity measures more seriously, starting with their employees.

To give you an idea, below are just a few, key takeaways from a recent study conducted by Cybersecurity Insiders – 2020 Insider Threat Report:

  • “58% of organizations consider their monitoring, detecting and responding to insider threats somewhat effective or worse.”

  • “68%” of organizations feel extremely to moderately vulnerable to insider attacks.”

  • “52% of organizations feel it is more difficult to detect and prevent insider attacks compared to external cyber-attacks.”

  • “68% of organizations think insider attacks have become more frequent in the past 12 months.”

Let’s also not forget this tiny (but not actually) detail: human error accounts for 95% of successful cyber-attacks.

Solution

Say it with me: employee security training.

How can you keep your employees engaged and accountable for the security of the environment if they are not aware of the risks? Employee security training should be a comprehensive, continuous program that trains individuals on defining and recognizing threats, the excessive consequences (personal and business), and prevention steps.

A successful training program not only focuses on what employees should know about network security, but what they should do if they see a threat. Training should not be targeted toward discipline of those that have an issue, even though an acceptable use policy for IT resource use should be implemented.

Instead, training is to be focused on the threat types, how to spot them, how to proceed when a threat comes up, and how to report any issue correctly. Important topics for a valuable program should include the dangers of hacking, stolen mobile devices, posting sensitive information, among other causes of data breaches. Training should also be done at regular intervals and include “live fire” runs. Products such as KnowBe4 allow a company to send test emails to employees and provides training to those that click on the link or enter information into the fake email; knowing that these tests are being used keeps people on their toes.

Remember, employees count of employment from the company for their livelihood. If they know the threats and how it can compromise a company’s integrity, they will be more engaged in protecting it. Employee security training: one of the best investments you will make for security and in technology.

Take Action…Now

Employee security training is not a suggestion – it is essential to all businesses. Without the proper precautions, you and your business will greatly suffer both internally and externally. Revenue and client loss, damaged reputation and compromised information, along with personally identifiable information and/or intellectual property theft are just some of the consequences. With an employee security training program in place, you not only increase employee knowledge and confidence, but establish a culture of security within your organization.

CW Technology makes employee training and engagement in security part of every Client Strategy plan we implement with all clients.

If you’d like to learn more about employee security training, or you simply need help in determining what are the optimal protection services for you, CW Technology is here to help!

Connect with us for a Free Security Assessment or reach us at (855) 728 – 7130!
Bill Kimbler

Bill Kimbler

With 25 years of experience in the industry and over 13 years at CW Technology, Bill Kimbler has impacted quite a few thousand businesses over the years. As a partner and Business Development Lead at CW Technology, Bill’s role is centered on discussing the dynamics of IT support and the managed services model.