Unless you’ve been lost at sea for the past few months, you’re probably familiar with the WannaCry ransomware attacks that infected over 230,000 computers across 150 countries. Despite its recent attention in the media, ransomware is far from new.
The first known type of ransomware, the AIDS Trojan, was released in 1989. It made its way to victims via floppy disks that were meticulously copied, packaged, and posted. And instead of paying in Bitcoins, victims had to send $189 to a post office in Panama to get their data back. This global attack paved the way for other cybercriminals to hone their craft and create new ransomware strains.
In 2017, the cost of ransomware attacks is estimated to reach $5 billion. With this in mind, it’s crucial that you adopt the right defenses and strategies before your business becomes part of the statistic. And first on the list should be employee security awareness training.
What is it?
Security awareness training is the formal process for educating employees about computer security. Ideally, security awareness programs should include corporate policies and best security practices. Employees should also know whom to contact if they discover a security threat and be taught how to use and manage corporate data. Regular training is especially important for businesses that have high turnover rates and employ a lot of contract or temporary staff.
Don't dread it
The last thing employees want to do is complete out-of-date courses on data protection and email security. Employees typically undergo routine security training so they won't be bothered for the next 12 months, which is an extremely ineffective way to conduct security awareness because:
- It’s just ticking boxes - By taking this lackadaisical approach, you’re essentially telling your staff you don’t care about network security, so why should they?
- It’s way too old - Cyber threats constantly evolve, meaning employees need to know how to overcome current threats now, not next year.
- It’s useless - You need to make employees understand why it’s important to secure networks and what would happen if they weren’t.
Topics to include
There are numerous ways to spice up security awareness training. Instead of having your employees sit through a lecture, opt for an interactive group discussion where everyone can take part during the session. An open channel for communication encourages staff to speak up and listen more, both of which are crucial components of successful training. Here are some key topics you can include:
- Password strength - Introduce employees to password policies: what they are, their requirements, why they’re needed, and how they could affect your company’s growth.
- Email security - Prepare your inbox for phishing attacks and other forms of cybercrime with a comprehensive run-down of prevalent threats and how to spot and prevent them from harming your networks.
- Social engineering - If electronic systems become too difficult for a cybercriminal to hack, they go after the next chink in the armor: users. Learn how to avoid falling victim to social engineering attacks.
- Web browsing - Explain why your organization restricts access to certain websites and train employees not to click suspicious links or engage with messages promising them lottery money or asking them for a donation.
When all's said and done, the success of your security awareness training comes down to your employees. Allow Founders Technology Group to help train your staff on the intricacies of network security and instill essential security best practices to prevent hackers from compromising your networks. Feel free to give us a call or send us an email today!