Cybersecurity Basics: Train and Test Your Employees
“The global annual cost of cybercrime is predicted to reach $9.5 trillion USD in 2024.”
— eSentire’s 2023 Official Cybercrime Report
That’s roughly 19% greater than 2023’s already staggering $8 trillion figure, and still short of the $10.5 trillion cost predicted for 2025.
Cybersecurity threats grow year after year; there is no reason to think they won’t continue. After all, at this point, technology is integrated into nearly every aspect of our lives: shopping, banking, entertainment, interacting with the government at every level, to name just a few. Even the cars we drive are fundamentally tech-based.
The truth is, it would be extremely difficult to function in modern society without involving yourself in a significant amount of technology.
Of course, much of this is good news. The problem is that the more we use and depend on technology — in both our personal and business lives — the more attractive we become as targets to the people who want to take advantage of that dependency.
These days, all of us are more vulnerable than ever before to cybersecurity threats.
Two Essential Pieces to Corporate Cybersecurity
Technology Safeguards
From a tech perspective, it’s a never-ending arms race. The bad actors never rest; businesses need to continually improve the tools and safeguards they put in place.
Fortunately, much of this can be implemented on a global basis across a company or network, whether that means improvements in network security, virus protection, or company policies that prohibit certain devices or activities.
The human side, however, is a different story…
Human Safeguards
Without question, it’s the people in your organization who represent your greatest cybersecurity weakness. Here, there is no universal fix that can be applied across the board; each person has the potential to expose your company to a long and dangerous list of threats.
Most of these attacks do not exploit a technical flaw at all. They work by fooling an individual into taking an action, not realizing that something which appears legitimate (a link, text message, email, QR code, etc.) is anything but. This is phishing, whatever channel it arrives on.
For example, there have been countless incidents in which someone in an organization, an administrative assistant perhaps, receives an email request that appears to come from somebody high up, like the company CFO. The admin is asked to do something, maybe buy a pile of gift cards and email the codes back. The request turns out to be fraudulent, and by the time it’s discovered, the money is gone.
And it can get much more serious than gift cards. Just last month, a finance worker at a multinational firm was tricked into paying $25 million (not a typo!) to fraudsters after a video conference call in which the other participants, including the company’s CFO, were AI-generated deepfakes.
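The gift-card scam above leaves tell-tale signs in the message itself, and these are exactly the signs awareness training teaches people to look for: a display name that matches an executive but an address that doesn’t, a Reply-To that points somewhere else, failed sender authentication, and a body that pairs urgency with a payment request. The script below is an added example written for this post (it is not code from the original page or from any vendor mentioned in it). It assumes a corporate domain of example.com and a small constructed list of executives; the two sample messages are constructed, not real phishing emails.

```python
"""
Red-flag checks for the "CFO asks for gift cards" email described in the post.
Added example, not code from the original page or any vendor it mentions.
Assumptions (hypothetical): corporate domain is example.com, EXECUTIVES is a
constructed list, and both sample messages below are constructed.
"""
import re
from email import message_from_string
from email.utils import parseaddr

CORPORATE_DOMAIN = "example.com"  # assumption: the organisation's mail domain

# Assumption: executives attackers commonly impersonate, mapped to their real mailboxes.
EXECUTIVES = {
    "pat smith": "pat.smith@example.com",
}

# Phrases typical of the urgency + payment pattern in gift-card / BEC fraud.
URGENCY_PHRASES = ("urgent", "asap", "right away", "immediately", "confidential", "don't call")
PAYMENT_PHRASES = ("gift card", "wire transfer", "change the bank", "scratch off", "send me the codes")


def _domain(addr: str) -> str:
    """Return the lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def check_email(raw: str) -> list:
    """Parse an RFC 5322 message and return human-readable red flags (empty list = none found)."""
    msg = message_from_string(raw)
    flags = []

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)

    # 1. Display-name impersonation: the name is an executive's, the address is not theirs.
    real = EXECUTIVES.get(display_name.strip().lower())
    if real and from_addr.lower() != real:
        flags.append(f"display name '{display_name}' matches an executive but address is {from_addr}")

    # 2. Sender outside the corporate domain (including look-alikes such as example-mail.com).
    if from_domain and from_domain != CORPORATE_DOMAIN:
        flags.append(f"sender domain {from_domain} is not {CORPORATE_DOMAIN}")

    # 3. Reply-To differs from From: replies (and the gift-card codes) go to the attacker.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != from_addr.lower():
        flags.append(f"Reply-To {reply_to} differs from From {from_addr}")

    # 4. Authentication-Results added by the receiving mail server shows SPF/DKIM/DMARC not passing.
    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        if re.search(rf"\b{mech}=(fail|softfail|none)\b", auth):
            flags.append(f"{mech} did not pass")

    # 5. Body content: urgency language combined with a payment or gift-card request.
    body = msg.get_payload(decode=True) if not msg.is_multipart() else b""
    text = (body or b"").decode("utf-8", "replace").lower()
    if any(p in text for p in URGENCY_PHRASES) and any(p in text for p in PAYMENT_PHRASES):
        flags.append("body combines urgency language with a payment or gift-card request")

    return flags


# Constructed sample in the shape of the gift-card scam described in the post.
SAMPLE_BEC = """\
From: Pat Smith <pat.smith@example-mail.com>
Reply-To: pat.smith.cfo@gmail.example
To: admin@example.com
Subject: Quick favour
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example-mail.com; dmarc=none header.from=example-mail.com
Content-Type: text/plain; charset=utf-8

Hi, I'm in a meeting and need this done right away and kept confidential.
Please buy 10 x $500 gift cards and send me the codes by email. Thanks, Pat
"""

# Constructed benign message from the real mailbox, passing authentication.
SAMPLE_OK = """\
From: Pat Smith <pat.smith@example.com>
To: admin@example.com
Subject: Board pack
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass; dmarc=pass header.from=example.com
Content-Type: text/plain; charset=utf-8

Could you print the board pack for Thursday? Thanks, Pat
"""

if __name__ == "__main__":
    for label, raw in (("BEC sample", SAMPLE_BEC), ("benign sample", SAMPLE_OK)):
        print(label, "->", check_email(raw) or ["no red flags"])
```

Run it as a script and the constructed scam message trips all five categories of check (six flags in total, since both SPF and DMARC fail), while the benign message trips none. None of these checks is proof on its own; the point, as in training, is that several of them appearing together is the signal to pick up the phone and verify before buying anything.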
What Can Be Done?
As devastating as some of these examples can be, in most cases, the individuals who click dangerous links or send money where they shouldn’t are not entirely to blame. The bad guys are incredibly good at making things seem real.
The solution is training and testing. A number of companies — ours among them — provide these services.
Training
It’s not enough to tell people to “be careful.” They need to be shown, specifically, what these fraudulent tactics look like and shown, specifically, what steps they should take (or not take) to guard against them.
In our experience, the most effective training consists of self-paced modules in the form of short, easy-to-digest videos. This keeps people from getting overwhelmed with too much information at once and allows them to learn at their own pace.
Plus, all of this can be monitored, so you can keep track of which employees have completed which types of training.
We recommend this be done at least annually per employee. Tactics change, and you want to make sure your people are up to speed and aware of the latest ones.
Testing
Fortunately, you don’t need to wait for a real attack to see how well your employees respond. A simulated phishing test, usually administered by a third-party company, sends your employees messages that attempt to trick them into taking the same dangerous actions a real attacker would want.
This should be done regularly (we recommend two to three times per year) and, of course, without warning, so that the results reflect where your weaknesses actually lie. The results can be shared with senior management, and individuals who perform poorly can be given additional training.
Cybersecurity Requires Ongoing Vigilance
When it comes to getting and keeping your staff up to speed regarding cybersecurity threats, it is anything but a one-and-done endeavor.
New people join your organization, the technology evolves, the bad guys keep changing their approach, and your people simply forget to pay attention in the midst of trying to get their work done each day.
Each person in your organization represents a potential hole in your defenses. Regular training and testing are essential for staying safe.