Technology – By Susan Robbins
Training strengthens the human element of cybersecurity
Cybercrime costs victims more than $6 trillion annually, and that cost is expected to grow to more than $10 trillion by 2025. Corporations invest millions of dollars in technology to protect against these financial losses and the associated damage to their reputations, but there is a human element to data security that is at least as important.
Even with the most up-to-date security software and technology, organizations cannot guarantee that employees will not click on a malicious link or respond to a text sent by a bad actor. With employees often representing the weakest link in any security effort, the human firewall is an essential first line of defense against the theft of sensitive information or efforts to compromise your organization’s network.
Trained Responses
Most people think of firewalls as hardware or software that protects networks and devices from unauthorized access and cyberattacks. A human firewall represents the behavior of personnel within an organization that helps to prevent cyberattacks. People who are adequately trained against these threats become an effective extension of the organization’s security protection mechanisms.
How can you determine if your team is providing that additional layer of protection for your organization? Look for and encourage the following actions or behaviors:
- Identify suspicious or unusual emails and report them to the IT department or other responsible individual.
- Don’t open emails or click on links from unknown senders.
- To raise awareness, discuss the latest gift card scam texts circulating.
- Ask “Did you really send me this email?” before opening or responding.
- Be aware of, and avoid connecting to, untrusted wireless networks.
- Think critically and question the authenticity of information, emails and websites.
- Create and maintain strong and unique passwords that are protected and not shared.
- Update passwords regularly.
- Use multifactor authentication for all accounts that contain sensitive information.
Provide your human firewall with up-to-date information about new cyberattack techniques and their consequences, empowering them to protect the company and themselves. It’s important to be realistic and understand that these changes won’t happen overnight. But if you are diligent, these behaviors will become your new normal.
Time and Persistence
Regular training is critical to any cybersecurity effort, because cybercriminals are constantly coming up with new ways to scam individuals and companies. But there are some ingrained habits that can make this transition difficult.
Human beings in the digital age seem hardwired to reply, click links and open attachments, especially when they appear to come from a manager, co-worker, customer or industry contact. And while this fire-ready-aim approach may demonstrate a commitment to customer service and engagement, it also opens the door to bad actors.
Some options include:
- Provide multi-module security awareness training to all employees every two months, and deploy phishing campaigns monthly on a random basis.
- Test employees for their phishing response three times per year. Share results as percentages, and if an employee fails one or more phishing campaigns, follow up with remediation.
- Provide employees with a submit email button on their Outlook toolbars to help them report suspected phishing with a single click.
Get Creative to Grab Attention
Getting employees to take cybersecurity seriously can be a challenge. Some may respond to statistics, while others find them too abstract.
Meanwhile, straightforward instruction may seem too simplistic when many employees think cybercrime is a problem primarily for the older population. The reality, however, is that people in their 30s are targeted most often by cybercriminals, and 18- to 24-year-olds are considered the most vulnerable to attacks despite their perceived higher level of digital literacy.
One option for making this instruction stick? Start with humor. Research has shown that humor and visuals aid memory retention, and a recipe light on stats, grounded in how-to and leavened with a healthy dose of situational humor works.
Conclusion
Organizations can and should invest in technology to guard against cybercrime, but no effort is complete without considering the human aspect of data security. By taking the time to train employees to identify and report security risks, organizations can build a human firewall that should stand against all manner of attacks.
Susan Robbins is director of training for HeartcoR Solutions. Email Susan at srobbins@heartcorsolutions.com.