Cyber Security Training for Employees: What Does Common Sense Mean?

Cyber Security Employee Training

The new year is here, and a useful resolution for every small business is training employees on how to stay safe online. Many small businesses rely on their employees’ common sense when it comes to password creation, email threats, and avoiding unsavory websites, but what exactly is common sense in cyber security terms? Someone untrained in cyber security techniques won’t have the same kind of common sense as someone steeped in the latest security threats and updates. That’s why formal cyber security training for employees should be an important part of every business.

Your small business can benefit from more in-depth cyber security training for your employees, and the best course of action would be to enlist the help of a local IT consulting company or your managed IT service provider. They are the experts and know what common mistakes can lead to trouble for your business and your bottom line. Regardless of who provides the training, there are a few key topics any instruction on common sense habits should include.

Secure Passwords

Passwords remain the most wide-spread form of identity verification on the internet, so how a user creates a secure password is important. For years, websites and apps demanded passwords of at least eight characters, capital and lowercase letters, at least one number, and a special character. Most people think they have a strong grasp of what makes a secure password. Unfortunately they’d be wrong, thanks to new cyber security guidelines.

Last year the National Institute of Standards and Technology (NIST) released the Digital Identity Guidelines. This report states that the current method of password creation is making passwords more predictable because people “have only a limited ability to memorize complex, arbitrary secrets, so they often choose passwords that can be easily guessed.” When a site enforces the letter, number, symbol requirements, people tend to make predictable alterations to that easily-guessed password, or they end up writing down the password in order to remember it. Neither option makes the password very secure.

The new guidelines suggest that users be allowed to make longer, more memorable pass phrases that are not easily guessed. Memorability is more important than complexity. Randomized passwords are still the strongest option, but may lack memorability. A password manager could be the best solution, allowing the user complex, randomly-generated passwords without the need for memorization.


Emails are key to most phishing and spear phishing campaigns, so training your employees on this cyber security threat is crucial. Criminals hope to trick an unsuspecting user into clicking on a link or attachment that leads to or contains malicious content. Thankfully, common sense generally tells people not to click on a random link pasted into the body of an otherwise empty email, even if it comes from someone on their contact list. But, as with passwords, our understanding of common sense needs to be updated.

Spear phishing campaigns have become dangerously sophisticated, and knowing how to stay safe online means being skeptical of anything that feels a little off. Emails from companies about services you didn’t buy, unexpected closure of accounts, or missing information are all ways criminals lure you into clicking on a link in an email.

Teach your common sense to look beyond the layout and familiar logos. Spear phishing can often be identified by misspelled email addresses or country codes that don’t belong to the company. A user must be vigilant, as these changes are subtle and sometimes hidden by a name in place of an email address. Hover over the links or name to reveal the full address without clicking on it. Make sure to double check anything that doesn’t make sense.

Another way to ensure you’re not caught by a spear phishing attempt is to always go to a company’s website manually rather than from a link provided. Some criminals use links that send you to a fake mirror website to trick you into logging into your account. The criminal records your login information and then has access to the real account with you none the wiser. By choosing to go to your account from another tab or window without clicking the link, you can verify if something is actually wrong with the account without the risk of giving up your information.

Surfing the Web

Common sense for how to stay safe online starts with the business owner. Installing an enterprise-level firewall is the first and best defense against a cyber attack. These can often be configured to your business’s needs and block content you don’t want employees viewing on a company computer. Sites with disreputable content are prime targets for cyber criminals. Ensuring your employees never access unsafe sites will protect your company.

It’s also important to activate any “safe search” functions within your browser and on your anti-virus and anti-malware programs. This runs any site you search for through a list of sites known to be compromised. These sites can come up in any search without you realizing it. Criminals create websites meant to trick you into thinking it is a legitimate business and even hack into real sites. Safe search is another layer of common-sense IT protection.

These are just a few of the common sense procedures your employees should follow. For cyber security training and in-depth answers to common sense mistakes, turn to Anderson Technologies, a St. Louis IT consulting company that offers on-site training seminars for small businesses. Let our expert consultants teach you what to avoid to keep your business safe. Contact Anderson Technologies at or call us at 314.394.3001.