In previous blog posts, we have emphasized the importance of data security and the fact that every business can expect a data breach at some time or another. Cybercriminals are increasingly targeting Connecticut small to medium-sized businesses (SMB) to steal potentially valuable information, and to hijack SMB computing resources to attack other businesses. When launching these attacks, hackers target the weakest link—your employees. That’s why cybersecurity training is essential for every organization.
According to a survey of security and privacy training professionals, 66 percent said that employees are the weak point in data security. Sixty percent of those surveyed say employees have little or no knowledge of security risks, and only 35 percent of senior executives see cybersecurity training as important. However, 14 million U.S. businesses are at risk from hacker threats, and some estimate that as many as 60 percent of SMBs that suffer a cyberattack fail within six months.
Given the risks of a hacker attack and its aftermath, why wouldn’t SMBs offer employees cybersecurity training? The basics of cybersecurity aren’t complex and every business would benefit from training its employees. That’s why we developed our free Cybersecurity Awareness Training video that you can watch below:
Here are just a few of the cybersecurity insights your employees will gain from the NSI cybersecurity training program:
- You will be hacked – It’s not a question of if you will be hacked, but when and, more importantly, how bad will it be? Cyberattacks target SMBs using methods such as malware (71 percent), phishing attacks (43 percent), viruses or worms (36 percent), and ransomware (23 percent). You can never be prepared for the source of an attack. For example, the attack on Target came from Fazio Mechanical, an innocent Target contractor whose network was compromised and used to penetrate Target systems. Proper cybersecurity training can prevent most of these types of data breaches.
- Ransomware – Threats from ransomware are on the rise, with a new attack occurring every 40 seconds. Most ransomware attacks are delivered via email, so it’s essential that your employees learn how to watch for email threats. For example, look for spelling errors to identify bogus messages and always check the sender’s address to make sure the message is from a trusted source. It’s also good practice to never click on an email link or attachment unless you are 100 percent sure of the sender’s identity.
- Social engineering – One of the most common forms of attack is social engineering, in which someone tries to fool you into providing proprietary information. Social engineering can come in many forms, such as an email from a friend or your boss asking you to click on a link or to send sensitive information. Most phishing attacks are attempts to get sensitive information that will give an outsider access that can do real damage to the company.
- The employees’ responsibility – Every employee has a responsibility to promote cybersecurity. As part of NSI’s cybersecurity training, we encourage employees to pause, think, and act—pause before clicking on a link or responding to a questionable message; think first and look for signs that something may be amiss; and act accordingly, checking on suspicious activity and reporting it to prevent a successful attack. Employees are the first line of defense in the event of an attack.
- Protect passwords – One of the easiest ways hackers access SMB computing systems is by stealing passwords. Too often, employees use the same password for everything, or worse, they write it down and leave it posted near their computer where anyone can see it. Maintaining secure passwords is one of the best ways to protect business systems, and it’s not that difficult.
- Update your computers – Employees also don’t realize the importance of shutting down their workstations periodically. While it might be easier to just leave the computer on, shutting them down at the end of the workday allows for automatic updates that can protect systems from viruses and malware.
- Ask for help – Some workers fear they will look foolish if they ask for help. NSI’s TotalCare help desk is available to help customers deal with routine user issues as well as complex IT problems. It makes more sense to call the help desk with a question or concern rather than risk losses from a data breach.
Make employees aware of cyber threats and show them what best practices they can adopt to prevent a cyberattack. Knowledge is your best weapon against cyberattacks. Employee cybersecurity training is inexpensive (especially when you consider the cost of a data breach) and provides remedial training and practical exercises to keep security top of mind with your staff. Making employees aware of potential threats can help keep your corporate data safe.