Cybersecurity awareness is a top concern for US businesses. It’s estimated that 64% of companies have experienced cyber attacks. Just last month cyber attacks shut down Colonial Pipeline’s entire network, which contributes to nearly half of the East Coast’s fuel supply. A cyber attack on your organization may not have such a wide-reaching impact, but any breach could seriously damage your business.
- The average cost of a cyber attack for businesses of all sizes is $200,000.
- 60% of small companies go out of business within six months of suffering an attack.
Protecting your company with tools like a firewall, virtual private network and anti-malware software is a great start, but the biggest chink in your company’s cybersecurity armor is your employees. Most attacks are initiated through phishing emails. Just one mistakenly opened phishing email could put your entire company at risk. The best way to combat cyber threats is by requiring your employees to complete comprehensive cybersecurity training that covers phishing emails, malware, password security and social media safety.
Train Employees to Refuse Email Bait
The biggest defense for email security is learning to recognize phishing attacks, which trick users into revealing secure information, allowing cybercriminals to gain access to your network. Phishing emails offer an incentive to click, like a business opportunity, or may even be disguised to look as if they came from a trusted source.
Making employees aware of phishing scams should include providing examples of relevant phishing emails and tips for identifying attempted attacks, according to Infosec. Remind employees of some best practices:
- Do not trust unsolicited emails
- Do not send money to anyone without checking with leadership
- Do not click on unknown links
- Do not open unknown email attachments
- Be wary of email addresses that include an unknown company name or include random letters and numbers
- Turn on spam filters
Stop Random Software Installation
It’s very easy to click in the wrong place and suddenly have new software start downloading on your laptop. That download could be malware, which is malicious software that is used to steal sensitive data. Malware can disrupt your service, steal your personal information, control your applications or even completely break down your entire infrastructure. Malware includes viruses, worms, bots, trojans, adware, spyware, rootkits and ransomware (the malware that shut down the Colonial Pipeline). Malware is commonly delivered to systems through drive-by downloads, when a user mistakenly clicks on a triggering link, as well as through phishing emails and malicious removable media like a USB drive, according to Infosec. Preventing malware downloads should include:
- Warning employees never to install unauthorized software
- Setting up permissions so employees can’t download anything without permission
- Keeping antivirus software updated on individual laptops
- Asking IT to develop a plan for combating a malware infection
Educate Employees about Creating Strong Passwords
It is estimated that more than 80% of data breaches are due to weak password security. Many users reuse passwords across multiple sites, and 39% use the same password for all password-protected accounts and devices. Weak passwords can leave your company open to cyber attacks. Train employees to create and use better passwords.
At minimum, a password should meet the following criteria:
- Upper case letters
- Lower case letters
- Special characters—$, !, @, *
- Total length between 8 and 32 characters
Remind employees that even if a password meets these criteria, it can still be cracked. For extra security, avoid putting upper case letters first, always putting a number or special character at the end, or using a sequence of numbers (1,2,3). Instead, mix up your characters, numbers and upper case letters to make your passwords more secure.
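A training exercise can show why a password that meets every criterion may still be predictable. The following Python check is an added example, not part of the original article; the function names are illustrative, treating any ASCII punctuation as a special character is an assumption, and the sample passwords are constructed.

```python
import re
import string

# Assumption: any ASCII punctuation counts as "special"; the page lists $, !, @, *.
SPECIALS = set(string.punctuation)
MIN_LEN, MAX_LEN = 8, 32  # length range given on the page


def has_digit_sequence(password, run=3):
    """True if `run` adjacent digits count up or down by one (e.g. 123, 987)."""
    vals = [int(c) if c in string.digits else None for c in password]
    for i in range(len(vals) - run + 1):
        window = vals[i:i + run]
        if None in window:
            continue
        steps = {b - a for a, b in zip(window, window[1:])}
        if steps in ({1}, {-1}):
            return True
    return False


def check_password(password):
    """Return (failures, warnings): unmet criteria and predictable patterns."""
    failures, warnings = [], []
    if not any(c.isupper() for c in password):
        failures.append("no upper case letter")
    if not any(c.islower() for c in password):
        failures.append("no lower case letter")
    if not any(c in SPECIALS for c in password):
        failures.append("no special character")
    if not MIN_LEN <= len(password) <= MAX_LEN:
        failures.append("length outside 8-32")
    # Patterns the text says to avoid even when the criteria are met.
    if re.fullmatch(r"[A-Z][^A-Z]*", password):
        warnings.append("only upper case letter is first")
    if re.fullmatch(r"[A-Za-z]+[^A-Za-z]+", password):
        warnings.append("numbers/special characters only at the end")
    if has_digit_sequence(password):
        warnings.append("contains a number sequence")
    return failures, warnings


# Constructed sample passwords, not real credentials.
if __name__ == "__main__":
    for sample in ("Password123!", "short", "t7$Kq!mZ4r@w"):
        print(sample, check_password(sample))
```

The first sample passes all four criteria yet triggers every warning, which is the point to make in training.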
Reinforce password protection by scheduling frequent reminders to change passwords for software used within your organization. Adopt a password manager to safeguard user credentials, and use more than one form of authentication.
Keep Social Media Secure
Social media accounts are another area where cybercriminals can infiltrate your organization. Along with phishing and malware attacks, unattended social media accounts, human error, third party apps and imposter accounts can all put your company at risk for cyber attacks. Training your staff to follow your social media guidelines will help keep your company’s online profile safe.
- Make sure your social media policy includes rules about personal social media use, social activities to avoid and confidentiality guidelines, according to Hootsuite
- Use training sessions to review the latest threats on social media
- Limit access to your company’s social media accounts
- Routinely check that all posts are legitimate and monitor imposter accounts and inappropriate mentions
- Keep social media privacy settings updated
An online learning management system (LMS) can help you provide comprehensive cybersecurity training to employees. Online training modules allow employees to access training materials from anywhere. Using an LMS for training means completions can be tracked, which is essential when you want to make cybersecurity training mandatory for every employee.