This article was originally published in the 2018 Fall PAMIC Pulse. The Pulse is a mutual insurance industry publication that aims to help companies understand emerging issues. Articles in the Pulse offer advice on how to grow and protect businesses. The impact of the Pulse reaches throughout the Mid-Atlantic states through readers from PAMIC’s many member companies.
Running a tight ship is difficult, but it can be rewarding when you’re able to steer your vessel in the right direction and get to your destination without any issues. But ask anyone who plays an important role in running an organization and they’ll tell you it’s never that easy. Organizations will endure plenty of internal and external issues along the way, so your team needs to have the knowledge base to handle those matters with care.
The biggest external threat U.S. organizations are likely to face, just behind extreme weather and natural disasters, is cyberattacks. What do these top three threats have in common? Preparation and education are key to survival. Cyberattacks have grown exponentially over the past few years. In fact, 60% of companies go out of business because they’re unable to recover from one single cyberattack.
Being Aware of Cybersecurity Threats
Your employees are the first line of defense against impending cyber threats. The big question is, will they be able to recognize one when it presents itself? Since cyberattacks exist in a variety of forms, it’s understandable that teaching your employees how to distinguish each type and how to stop them is difficult. Driving home the value and seriousness of a cyber threat and how it impacts your organization is a great step toward reinforcing that sentiment.
Phishing, for example, is considered one of the most common cyberattacks. It occurs over email and is the type of cyberattack your employees will likely contend with on a daily basis. Phishing attempts have grown 65% in just the last year, while 76% of businesses reported being a victim of a phishing attack in 2017. And phishing is the least of it. What about malware or denial-of-service (DoS) attacks? The list of potential threats goes on and on, which is why awareness is essential.
How to Implement Appropriate Training
Global spending on cybersecurity awareness training is expected to reach $10 billion by 2027, which showcases the willingness of organizations to allocate time and resources to make cybersecurity a priority. When it comes time to use those resources wisely, consider the following steps to build an effective cybersecurity training program.
- Assess the risk that your particular industry faces (e.g. the financial and retail industries have a higher chance of being victims of a cyberattack) and determine if there are specific regulations you must follow.
- After determining risk, start assembling specific training courses, videos, and documents that fit your organization’s specific needs. Some standard topics should always be covered, though: email protocol, how to create strong passwords, and a bring-your-own-device policy. Tailor your training to include real-life examples that occur in your workplace and make it consistent for all your employees. Everyone from entry-level positions to C-suite employees should undergo the training without exception.
- Ensure all of this information is being communicated properly, whether through an email, the employee handbook, or the onboarding process. This will help align each member of your organization.
- Repeat the training on a timely schedule to coincide with new cyber trends that you believe your employees should be aware of, and ensure their cyber detection skills stay up to date.
So now that your employees are aware of the types of cyber threats that exist and they’ve received the proper training, what’s next?
Putting it to the Test
Having your employees undergo a simulated exercise isn’t unheard of. In fact, many organizations have even started phishing their own employees as part of their cyber training toolkit. There are a variety of ways to phish your employees. Consult with your IT department to have them create a temporary webserver and phish your employees through a fake email that leads them to a fake site, or work with an outside organization that provides a service to phish your employees.
Seeing how each employee does during your tests and documenting specific missteps will help you refine your cyber training. These test results will also help you deliver more targeted cyber education to all of your employees.
There is a wide range of tools and services you can use to enhance your cyber training, and they are easy to find through your existing relationships or a little web research. These can help simplify implementing internal cyber newsletters or accessing a toolkit if you need tips to help make your training content more engaging.
Managing cybersecurity threats can’t be a one-person or one-department job. Your leadership team has to work together with employees for an effective program. If your employees undergo the proper cyber training and are aware of the appropriate responses to a variety of situations, then it could potentially save your organization millions and help you stay in business. You’ll be sailing through calmer waters in no time.