Cybersecurity Training for Employees: 8 Things Staff Should Learn

20 August 2019

Cybercrime is a very real threat to organisations in every industry sector, affecting the data and security of businesses big and small. It’s estimated that online fraud and data loss cost the UK over £3 billion every year, highlighting just how important it is to invest in the right cybersecurity for your business.

While hackers and criminals are using more and more advanced methods to infiltrate systems and networks, one of the biggest contributors to the rise in cybercrime is actually human error. Indeed, it’s estimated that around a quarter of all data breaches are caused by employees unwittingly falling victim to online attacks, leaving businesses completely exposed to data theft and corruption.

To counteract this, it’s absolutely critical that businesses give their personnel the training and guidance they need to protect themselves and the company’s data from cybercriminals. In this guide, we’ll be looking at eight things all staff should learn to lessen the likelihood of a data breach.

1. Keeping Outside Devices Off the Internal Network

Ensuring that internal networks remain secure and free from malware is integral to the ongoing cybersecurity of your business. One of the greatest threats to network security is rogue devices which aren’t normally connected, such as smartphones and tablets brought in by your employees. That’s because malware can piggyback on the device from an external source into your private network, posing a significant risk to data and security.

Make sure that your employees understand the risks of connecting to the internal network from their own personal devices, and enforce the use of a VPN, which encrypts data and makes it difficult for nasties to infiltrate your network. The use of personal devices on the internal network can be difficult to police, so it’s something that employees need to be educated on.


2. Creating Strong Passwords

Password management is one of the first steps in ensuring watertight network security, but it’s something that many people overlook or get wrong. One of the first things cybercriminals look for when trying to access private data is weak and predictable passwords, so it’s absolutely critical that your team invest time in creating strong, effective passwords across all their platforms and systems.

Just one weak password has the potential to compromise network security, leaving your data vulnerable to cybercriminals. Make sure that all of your employees use strong passwords comprising a series of unpredictable numbers, letters and special characters, and that they don’t use the same one across all platforms.

3. Understanding Filters and Firewalls

Antivirus software, including firewalls and malware filters, is excellent for protecting your organisation’s data, and we’d strongly recommend investing in the very best programmes available. That said, an overreliance on such technology can leave your system open to cyber-attacks, and it is possible for hackers to infiltrate even the most advanced of antivirus software.

When onboarding new starters or carrying out regular staff training, be sure to educate them on the limitations of your company’s antivirus software, so that they know what to look out for should the programme fail. You should also instil in them the importance of using firewalls and filters, which are so often the last line of defence against cyber-attacks.

4. Spotting Dangerous Email Attachments

Email scams are among the most successful and prevalent forms of cybercrime, allowing criminals access to your company’s data and hardware in an instant if they’re not dealt with in the right way. One of the most dangerous aspects of email scams is attached items, which provide a gateway into your network for hackers when they’re downloaded and opened by members of staff.

It’s absolutely crucial that your people know how to deal with scam emails, and that they’re aware of the dangers of opening attachments. Instil into them a natural suspiciousness for any emails which simply don’t ring true, and share any knowledge of scam emails you’ve personally received so that others know what to avoid.


5. Regular System Updates

We get that system update alerts can be annoying and ever-so-easy to ignore, but it’s important to keep all software up to date wherever possible. Hackers are aware of the vulnerabilities and security holes which can appear when a device isn’t kept up to date, and they’ll actively track down software that hasn’t been updated, looking for a backdoor into your network.

Even if it means that staff aren’t able to work for a short period of time during the day, it’s absolutely crucial that you give them the time they need to update their systems and software whenever necessary. Software companies regularly release patches which are designed to plug and fix security flaws in current software versions, and without them, your business network would quickly become vulnerable to cyber-attacks.

6. Identifying Phishing Scams

Phishing emails take various forms, and some are much more convincing than others. It’s incredibly easy to get tricked into clicking on or responding to a phishing email, which is why it’s so important that your people know how to identify and deal with them.

Here are some of the things to look for which tell you an email is a phishing scam:

  • Suspicious links
  • Spelling or grammar mistakes
  • Strangely typed display name or suspicious email address
  • Sensitive information requests
  • Urgency
  • Formatting issues

These are just a few examples of what often appears in a phishing email, so it’s important that both you and your staff stay abreast of the latest developments and tactics cybercriminals employ to trick people into interacting with phishing scams.
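Four of the indicators above (display name versus address, suspicious links, sensitive information requests and urgency) can also be checked mechanically by a mail filter or reporting tool. The sketch below is an added example, not part of the original article; the function names, phrase lists and the `examplebank.example` domain are constructed for illustration, and spelling and formatting checks are left out.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phrase lists; tune them to the mail your organisation receives.
PHRASES = {"urgency": re.compile(r"\b(urgent|immediately|within 24 hours|suspended)\b", re.I),
           "sensitive information request": re.compile(r"\b(password|pin|card number|bank details)\b", re.I)}

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> tag."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def bare(host): return re.sub(r"^www\.", "", host.lower())

def phishing_indicators(raw, org_domains):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    body, flags = msg.get_payload(), []
    # Display name uses the organisation's name but the address is elsewhere.
    if sender not in org_domains and any(d.split(".")[0] in name.lower() for d in org_domains):
        flags.append("display name / address mismatch")
    parser = LinkCollector()
    parser.feed(body)
    for href, text in parser.links:
        shown = bare((re.search(r"[\w-]+(?:\.[\w-]+)+", text) or [""])[0])
        target = bare(urlparse(href).hostname or "")
        if shown and target != shown and not target.endswith("." + shown):
            flags.append("suspicious link")  # link text names one site, href goes to another
    return flags + [label for label, rx in PHRASES.items() if rx.search(body)]

# Constructed sample messages (reserved example domains only).
PHISH = ("From: ExampleBank Security <alerts@examplebank-secure.example.net>\nContent-Type: text/html\n\n"
         '<p>URGENT: confirm your password at <a href="http://login.example.net/verify">www.examplebank.example</a></p>')
LEGIT = ("From: Alice Smith <alice@examplebank.example>\nContent-Type: text/html\n\n"
         '<p>Minutes are at <a href="https://www.examplebank.example/minutes">www.examplebank.example</a></p>')
```

A clean result only means none of these four checks fired, so staff should still report anything that doesn’t ring true.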

7. Emergency Response Procedure

In the event of a cyber-attack or infiltration, it’s absolutely critical that your employees know what to do and who to turn to for help and advice. The longer a breach is left undealt with, the more damage and loss of data can occur, so having a steadfast emergency response procedure in place is crucial to safeguarding your business assets.

Think carefully about who the best person would be to handle a data breach. Normally, this will be a member of your IT team, or yourself if you’re only a small business. In any case, make sure they’re aware of their role and draw up a public document which instructs people on what to do if their device is compromised.

8. Multi-Factor Authentication

Multi-factor authentication has emerged as one of the best lines of defence against would-be hackers, creating additional barriers between them and your sensitive business data. The more barriers that you put in place to prevent a breach, the safer your data, so it’s well worth encouraging your employees to set up different multi-factor authentication options for their various systems, platforms and hardware.

Multi-factor authentication is essentially a combination of two or more different verification techniques, all of which must be completed correctly before the user is granted access. This can be anything from inputting a passcode sent to a user’s trusted mobile device after they’ve inputted a correct password, to a fingerprint scan or other biometric barrier. By combining different factors and educating your personnel on the importance of MFA, you’ll lay the foundations for a highly secure corporate network.

For more IT tips and advice, be sure to check out the other guides on the CDL blog. If you’re looking for IT disposal services, visit our homepage or call to learn more about what we can offer you.

