
How to Involve Your Employees in Your Cyber Security Defense

18 August 2015


One thing we often tell COMPASS clients is that technology alone cannot prevent a data breach. The Three Pillars of Cyber Security — Technology, Policies, and People — work together to put up the best defense against malicious attackers. But how do you get your employees (people) to help you safeguard your data? These three cost-effective methods are a great way to get started:

1. Talk about cyber security in your employee newsletter. Many organizations have a routine newsletter for their employees. One of the simplest ways to engage your employees in a discussion of cyber security is to incorporate best practices and current data breach trends/articles in the newsletter. Employees are often unaware of the things they can do to better protect their devices. By providing helpful tips, you are safeguarding your organization’s data and helping your employees protect their own. By incorporating data breach news articles, you keep your team aware of the threats that surround every organization. Keeping employees up to date on cyber security best practices and current events will showcase the importance of keeping data safe and will encourage them to take the appropriate precautions to prevent a breach in your organization.

2. Educate employees with webinars and seminars. Employee education is key to lowering the risk of a data breach. An organization could have the strongest technological defenses and policies, but if employees don’t know how to securely send an email, lock their computers, etc., you may still be breached. To keep employees educated on current policies and best practices, routine webinars and/or seminars are critical. Webinars have become increasingly popular for organizations. They are fairly inexpensive to host, accessible to all employees, and allow organizations to deliver information efficiently. COMPASS recommends quarterly or semiannual webinars to review current policies, update employees on any policy changes, and highlight the importance of following cyber security best practices. By routinely engaging with employees, you can create a culture that keeps cyber security as a top priority.

3. Track employee awareness with phishing exercises. While webinars and newsletters are great ways to educate employees on today’s cyber security threats, the best way to gauge their awareness and ability to protect your organization is through real-life scenarios. Running routine mock-phishing exercises gives you insight into what would actually happen if your employees encountered a real phishing attack. You can create an email and send it to a sample (or all) of your employees and then track who clicked on the link inside. When developing the email, it’s important to make it resemble a real phishing email as closely as possible. There’s a balance between making the message too obvious and too difficult to identify. A good rule of thumb is to draft an email as you normally would, and then go back and misspell some words, add unnecessary capital letters, and use broken grammar in select sentences. These types of emails should be reported to your IT department as suspicious. However, according to the Verizon 2015 Data Breach Report, more than 20% of users immediately click on the links, which then compromises that device. By sending out mock-phishing emails, you are keeping your employees vigilant and also educating them on the real threats of these types of attacks.

These are just three of COMPASS’ methods for educating employees on your organization’s policies and cyber security best practices. Proper awareness leads to a more secure network. Along with well-written policies and technological defenses, your employees can help you safeguard your organization’s data.

For more information on how you can get started assessing your employees’ awareness of cyber security threats, contact Matt Flora at mflora@compasscyber.com.
