How savvy are your employees when it comes to cybersecurity? Today’s sophisticated phishing scams take more than an awareness poster to properly defend against.
Hackers continually target the “human factor” when trying to gain unauthorized access to your system, because they know that just one wrong click on a malicious link during a stressful day can get them into your network.
Ongoing employee cybersecurity training is becoming more vital to business health due to the high costs of data breaches, which include:
- Cost of emergency IT help to remove the malware
- Cost of replacing lost records
- Cost of data privacy non-compliance fines
- Loss of trust and future business from customers
- Loss of productivity while the breach is being handled
Twin State Technical Services helps companies in the Quad-Cities area educate their employees on cybersecurity so they can be part of a strong overall defense against hacks. We use the security awareness training tool KnowBe4, which includes multiple resources to keep staff on their toes about the most recent threats out there today.
What should you be teaching your team about cybersecurity?
Here’s What Your Employees Need to Know about IT Security
You train your employees on handling customer calls and how to do their key job tasks, and it’s just as important to teach them how to protect your network from a data breach with security awareness and best practices.
27% of data breaches are the result of human error. (IBM)
Here are the key things that you should be including in your employee IT security training.
1. How to Avoid Becoming a Victim of a Phishing Email
The top method hackers use to deliver malware that can facilitate a data breach is through phishing emails. While they used to be much easier to spot over a decade ago, with misspellings and poor graphics, today they’ve become much more sophisticated.
They’ll often use the same logo, fonts, and signature as a company like AT&T or Amazon, making it much harder to tell a fake from the real thing at first glance.
Training tips for employees on spotting phishing emails include:
- Hover over links instead of clicking them to reveal the true URL
- View the source code of the message to see the real originating email address
- Never open a suspicious attachment, especially if it’s in a format such as .exe
- Don’t react to threats, which are commonly used in phishing emails
- Get a second opinion for any email you’re unsure of or aren’t expecting
2. What Types of Wi-Fi to Use (or Not)
More and more companies are taking advantage of the cost savings and productivity boost from using remote workers. With both remote workers and those who are simply traveling, you may have staff connecting to your business applications from non-secure internet connections if you don’t train them otherwise.
Wi-Fi best practices include:
- Do not log in to anything when on public Wi-Fi
- It’s best to avoid public Wi-Fi altogether because it’s unsecured
- Make sure home Wi-Fi networks have a strong router password set and are secure
- Using a virtual private network (VPN) can ensure a secure connection, even on a public Wi-Fi
- Be aware of which Wi-Fi your devices may automatically connect to when traveling
3. Protecting Sensitive Company and Customer Data
If you’re at a tradeshow and jot down someone’s credit card number, then just toss it intact into the trash once you’ve phoned it in, that’s a huge security breach.
Various employees may handle different types of sensitive data every day, including emails, addresses, credit card information, and SSNs. Make sure they understand what company protocols to follow for handling that data securely and in accordance with any data security policies that you’re required to adhere to.
4. Good Password Management
Passwords are often all that’s holding a hacker back from gaining entry into your network or data storage, and they’re just counting on the fact that one of your team members might be using an easily hacked password.
Train your team on good password management, such as:
- Using strong passwords of at least 7-10 characters or more
- Using a combination of letters, symbols, and numbers
- Using both upper-case and lower-case letters
- Using a respected password management tool
- Not using the same password for multiple logins
- Using two-factor authentication
5. What to Do If They’ve Clicked/Downloaded Malware
If an employee accidentally opens a dangerous attachment or clicks a link to a malicious website, their first thought might be to panic and hope they don’t get in trouble. But you actually want them to alert someone immediately so protective actions can be taken.
Lay out a protocol that employees should follow if they think they may have downloaded a virus or malware, and train them on the steps so they’ll know just what to do if and when that accidental click happens.
Request a Test Drive for KnowBe4 Security Awareness Training
Twin State Technical Services is an authorized reseller for KnowBe4, a sophisticated and easy-to-use IT security training platform designed to help your employees become a “human firewall” and avoid becoming a phishing victim.
Would you like to see it in action? Give us a call today at 563-441-1504 or request a demo online.