The employees identified and reported all phishing email threats, happily updated their passwords without being prompted, and properly disposed of sensitive information. They even pulled the sticky notes with passwords and credit cards off their desks. We met our goals, thanks to cyber awareness training.

It sounds like a utopian society for an IT Director, but is it possible with good cyber awareness?

The Demand for Cyber Awareness

The need for cyber awareness grows with the increasing threats to business. Employees make mistakes; people make mistakes. IT folks, from CIOs, CISOs, and IT Directors to IT Managers and Help Desk Technicians, face the challenge that comes from this human error.

IT traditionally focuses on data centers, network infrastructure, storage, servers, hardware, software, etc. Raising cyber awareness isn’t on that list, and it’s a new skill necessary for IT personnel. If you’re interested in building a cyber awareness training program from scratch, we recently outlined that process. That article will teach you how to implement your own program.

It’s not the norm, but in many ways cyber awareness responsibility should fall in the hands of Human Resources, not Information Technology.  The human resources department has been training employees on awareness of laws, sexual harassment, ethics, etc. They have the strategies, technology, and understanding to deploy a successful campaign.

However, for most HR professionals, the thought of training employees on cybersecurity is daunting.  Too complex, too many topics…too scary. This is why cyber awareness training for employees falls on the shoulders of IT.

In most cases, cyber awareness training is best handled by both HR and IT together, as well as the rest of the organization.  Creating a culture of cyber awareness requires all of leadership to come together. Learn more about creating a culture of cyber awareness.

Why Implement a Cyber Awareness Program

IBM found that 95% of all security incidents involve human error.  Drop the mic.

Just kidding, there are other reasons, but that’s a lot. Common human errors that lead to cybersecurity incidents include the following:

  • Clicking on phishing links
  • Saving and sharing passwords inappropriately
  • Sharing too much on social media

Phishing

Phishing is probably the hottest topic that drives the need for cyber awareness.  Employees need to be aware of the threat, and taught how to identify phishing emails. We’ve made a list of 6 examples of phishing emails to help raise cyber awareness around phishing.

Keep in mind that phishing emails are constantly changing and becoming more sophisticated. Learn more about a phishing email going around right now that claims the sender has recorded you watching porn through your webcam.

Passwords

Employees often misuse passwords.

A key thing they need to know is not to use the same password for their personal accounts and social media as they do for their business accounts. This is a common practice, and cyber criminals know it. The problem is that when a social account is compromised, the login details can be used to access business information.

Also, it’s common to find passwords written down on sticky notes and stuck on a desk or computer, or written inside a notebook…all in sight of anyone walking by the office. This puts them at risk of being stolen by other employees, office guests walking through, or the cleaning crew at night. Raising cyber awareness isn’t just for the office…employees who do this in the office likely do it at home too, meaning any guest at their home could have access to your systems.

Social Media

Care more, share less. That’s our motto. Oversharing on social media provides cyber criminals the information they need to gain access to an account. What are your password reset questions? Pet’s name. Address. Mother’s maiden name. First car. Etc. These might be shared in a post or answered in a viral quiz…both put your employee and your business at risk. Employees need to be made aware of this risk.

When to Implement a Cyber Awareness Program

Onboarding – Cyber awareness training should always be provided on day 1 of onboarding. Creating a culture of awareness from day 1 tells new employees that this is important to your business.

Annual Awareness Training – Annual cyber awareness training for all employees is key as well – annual training ensures employees are aware of best practices and your policies.  Annual cybersecurity awareness training also ensures you meet compliance requirements typically set by industry regulations, customer compliance from third party risk assessments, and state/government regulations.

Quarterly Phishing – Quarterly phishing campaigns simulate real-world phishing attacks in a safe environment. Employees who fail to recognize the phishing attempt and click an email are immediately trained on the risks and how to identify future phishing emails. Quarterly phishing campaigns keep awareness front of mind and allow you to track progress and improvement in cyber awareness.

Leadership Training – Leadership training is key to creating a culture of cyber awareness. Leaders must understand how cyber security impacts their role and their employees – from the CFO to the sales manager, they all have to buy in to the importance of cyber awareness. Leadership training teaches leaders why this is important, and how they can participate to make their employees safer.

How to Deploy Cyber Awareness Training

Cyber awareness programs can be developed internally, or they can utilize an existing solution.  A good program includes training, simulated phishing, certification, and progress monitoring to track improvement over time.  

The team at Wuvavi came from an SMB that needed to implement information security training for employees to comply with a customer request and new business insurance. All of the services available for training employees were tailored for the Fortune 500, and made training their smaller organization complex and expensive. The Wuvavi team wanted to build a program that was affordable for small and medium-sized businesses, and easy to deploy. The main goal has always been to create an employee awareness program that an organization of any size can sign up for and deploy in under three minutes.

The process is simple.  

  1. Sign up for a free trial or view pricing
  2. Add employee emails
  3. Enroll them in training and/or phishing
  4. Track their progress

Before you go

Wuvavi provides the world’s only cyber awareness platform developed for small and medium sized businesses that you can buy, enroll employees, and deploy in under 3 minutes.  Learn more and sign up for a free trial.