How can you improve employee cyber security awareness?
While having the right technology, policies and strategy are important to cyber security, employee training and awareness are key to preventing the most common cyber attacks.
Despite the importance of employee cyber security awareness, over half of the senior IT decision makers we interviewed (53%) agreed that employee cyber security awareness needs drastic improvement.
In this blog, we’ll highlight a series of cyber security tips which businesses can use to raise employee cyber security awareness.
1. Point out that it’s everyone’s responsibility
Employees are often the greatest risk to a business’ cyber security – and much of this comes down to a lack of education and cyber security awareness.
One in five (20%) senior IT managers believe their employees don’t care about cyber security – but the truth is that often employees haven’t been informed of the importance of cyber security or their role in ensuring business data is kept secure.
Cyber security is everyone’s responsibility. The entire business needs to understand the risk of cyber threats. It no longer falls to just the IT department to keep business data safe. If businesses are to protect their data and thwart cyber attacks, they must educate employees on its importance, train them and get them invested in the business’ cyber security.
2. Highlight the importance of software updates
Cyber attacks like WannaCry highlight the implications of not updating or running routine software updates.
Much of WannaCry’s spread was due to organisations failing to apply patches released by Microsoft. These patches had been released months before the WannaCry attack.
A report from the UK’s National Audit Office (NAO) found that the National Health Service (NHS) was warned by its digital arm to patch its computers against WannaCry as early as March 2017 – two months prior to the attack.
If SMBs are to keep data safe, employees must be constantly reminded of the importance of running software updates – this might be a case of providing examples and/or showing the benefits of doing so. Employee cyber security awareness training is also integral.
3. Explain how passwords can make or break security
According to our research report, 52% of those aged between 18-25 regularly use the same passwords across multiple devices and online accounts, despite the clear security risks.
Again, much of this comes down to employee cyber security awareness. Most value accessibility over security and are afraid of forgetting their passwords and losing control.
The irony is that by using similar passwords these employees unwittingly forfeit control of their accounts to cyber criminals. If a cyber criminal is able to hack just one employee account – they can potentially gain access to the business’ infrastructure.
Technology exists to substantially improve account protection; two and multi-factor authentication, for example, require account holders to provide two or more bits of information in order to access an account. This could be inputting a code sent via text to the account holder’s mobile phone or answering a secret question.
In addition to two and multi-factor authentication, there are a number of password management applications out there that can generate and store encrypted passwords.
Employees should, therefore, review their current passwords and consider using a password manager instead. It’s far more secure and can easily retrieve passwords.
4. Make sure employees know that cyber security and cyber attacks are constantly changing
Despite cyber security constantly changing, a quarter of UK SMBs (25%) have no plans to review their cyber security in the near future.
To protect themselves from cyber attacks, SMBs must regularly update cyber security software, implement new policies and keep employees informed of changes. If employees are involved in these changes they will understand their necessity, gradually become more invested and actively follow the business’ cyber security procedures.
Raising employee cyber security awareness is as much about educating and training employees as it is involving them. This is the best and only way to develop a culture of security and get employees to care about cyber security education.
For more information on the current SMB cyber security landscape, download our market research report for free by clicking the button below.
Privatise’s business VPN solution is the first internet privacy protection tool developed specifically to meet the practical needs of small and medium businesses.