Pagoda Blog

In many companies, cyber security is the focus of the IT department or contracted managed service provider. HR, sales, admin, and all the other team members who work on the company network and handle company data and sensitive customer information rely on “the experts” to prevent a cyber security attack. This traditional approach, however, is deeply flawed and dangerous. Unless someone from IT were to monitor every employee’s online activity every second of the day and could take charge of the device before a risky action were taken, relying solely on “the experts” to protect your business simply isn’t feasible. 

 

Each and every team member is responsible for doing their part to protect your business from a cyber security attack. This means that employees across departments need to understand the threats and how to avoid them, from creating strong passwords to spotting and reporting phishing emails. To achieve this comprehensive training is two-fold. First, you need to motivate your employees to take cyber security threats seriously on a daily basis and second, you need to regularly train them in basic cyber security best practices—not just once, but throughout the year as the threats, and the steps to prevent those threats, change. 

 

So what does it take to inspire someone from HR to pay attention to cyber security threats and take the proper steps to protect your company? It starts with creating a culture of awareness and maintaining that culture through ongoing training, regular evaluations, and clear communication from onboarding to their final day. 

 

Here’s how to cultivate a culture of cyber security awareness at your organization and effectively train your entire team in cyber security:  

 

Include cyber security in the onboarding process 

Creating a culture of cyber security awareness should start as soon as a new team member is brought on board. Include a cyber security manual or PowerPoint presentation in your standard onboarding materials outlining the steps each employee is required to take to maintain a secure network. After they’ve reviewed these materials, new employees should be required to take a short quiz to reveal any gaps in their understanding. They should also sign an acknowledgement stating they’ve read the materials and that they understand the risks they subject the company and its customers to should they not follow cyber security best practices.  

 

Create a cyber security communication plan 

Create a formal plan that details how management and/or IT will communicate cyber security best practices and emerging threats across departments. It’s important to have a way to quickly share this information (such as via email or through your company messaging app) in addition to a more formal and memorable presentation at regularly scheduled team meetings to ensure everyone is made aware of new threats.   

 

Provide ongoing, mandatory training

Ongoing cyber security training for all employees is key to preventing a data breach. Platforms like KnowBe4 provide world-class training for non-tech experts, including an expansive library of automated training campaigns and simulated phishing attacks to test your employees’ grasp of the content using real-life scenarios. Using a vetted service for this type of training ensures that every employee receives the same information in an effective format. Setting up automated training campaigns with email reminders also ensures that the entire team stays up to date as cyber security threats evolve and that the training remains a top priority.  

  

Perform cyber attack simulations

Cyber attack simulations are a safe way to effectively test employees’ comprehension of training materials. KnowBe4 sends fake phishing emails to training participants without their knowledge. These phishing campaigns can be customized using personal information and send employees to an educational landing page should they fall prey to the scam. 

 

Conduct evaluations

Quarterly cyber security evaluations for each employee reinforces the importance of the trainings and gives management a chance to check-in and uncover any critical gaps in knowledge or failure to implement best practices. It’s important to remember, however, that cyber security threats can be extremely advanced, which means employees will still make mistakes. It isn’t always easy to spot a phishing email, even with proper training, so if an employee clicks a malicious link or shares sensitive data through an insecure form, be empathetic while also using the mistake as an opportunity for education. 

 

Appoint cyber security advocates

In each department, appoint someone from upper management as a cyber security advocate. It’s their responsibility to review new best practices and threats in-depth with IT and to be that department’s point person when team members have questions. The advocate should also be able to clearly articulate the ramifications of ignoring security measures and regularly evaluate team members’ adherence to the company’s cyber security policy. 

 

Cyber security is not an area that should be de-prioritized or saved as something you address when business is slow. Address it now, and across your entire team, to ensure you’re doing everything you can to mitigate cyber security threats and keep your business safe. 

Related posts: 

 

What To Do If You Receive Blackmail In Your Inbox

5 Virus Protection Tips Beyond Security Software

Why You Need a BYOD Policy and How to Create It

How to Protect Your Business From Identity Theft

 

Want to get more posts like these once a month in your inbox? Sign up for the Pagoda newsletter and sharpen your technical skills, from cybersecurity to digital marketing.

 

 

Want IT to serve you better?

 

 

 

––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

About Pagoda Technologies IT services

Based in Santa Cruz, California, Pagoda Technologies provides trusted IT support to businesses and IT departments throughout Silicon Valley, the San Francisco Bay Area and across the globe. To learn how Pagoda Technologies can help your business, email us at support@pagoda-tech.com to schedule a complimentary IT consultation.