As our world continues to become more connected and dependent on technology, cybersecurity becomes more important than ever. Even more so today, in the midst of a pandemic lockdown, our attack surface only increases as we shift to more remote working. It is easy to overlook the importance of our security if we’ve never faced a threat, but the fact is that 70% of businesses believe remote working makes them more susceptible to attack. Further, for companies that have a Bring Your Own Device (BYOD) policy, or perhaps were not prepared to shift an entire office to working remotely and had to ask employees to use their own devices, this blend of work and personal life increases the likelihood of attack for both the company and the end user.
So, why do you need training? Studies show that the majority of attacks are attempts to exploit the human factor. In fact, 90% of data breaches are caused by human error. Rather than trying to hack a device, network, or online account by brute force, most attackers opt to trick people into giving up their information voluntarily through phishing and social engineering attempts, or to lead the end user to click on a link that results in a malware or ransomware download. You may be asking why attackers would be after you, rather than your organization. Attackers know that people are the weak link in the chain of cybersecurity. People are easier to compromise or exploit at scale than a business. This is even more true when people work from home, because we tend to behave differently online at home than when we’re in the office. Attackers understand this and know that no matter what security protocols and infrastructure are put in place by the company, you’re only as strong as your weakest link, and unfortunately, people are that weak link.
How to Protect from Human Error
What’s the best way to prevent humans from being your weak link? You guessed it: education and training. Ultimately, keeping yourselves secure by learning best security practices will result in people becoming a strong part of that security chain. Whether you’re an individual or an organization, learning how to keep yourselves secure is the best way to fend off attacks, because it is not a matter of if an attacker will attempt to phish or socially engineer you, it is only a matter of when. When it comes to securing yourselves, it is crucial that you first understand why it is necessary and how to do it.
When it comes to education and training, here’s an approach I recommend:
Provide company-wide educational training
Company-wide cybersecurity education is useful because it gets an organization on the same page about security and can help spark the internal culture that is needed to keep the company protected. Employees must understand their individual role in keeping the organization safe. When I host trainings, I like to break security down into three simple categories that all understand:
- Secure your devices
- Secure your network
- Secure your online services
When an employee understands that security boils down (mostly) to securing those three areas, it may help them understand that security is more accessible than they thought previously.
Make online cybersecurity training courses available to employees
Like any skill, security gets better with consistent training. If employees are introduced to a culture of cyber-aware practices and are provided with consistent training, each of them is a lot less likely to put the company or their own data at risk.
While today’s technology makes the world an easier, more convenient place, we must know that that convenience comes at the cost of our security. Our best bet in keeping ourselves secure is to teach people why cybersecurity matters and how it is accomplished. When we make this a regular part of our lives and careers, we make ourselves significantly less likely to fall prey to an attack.