A Guide to Employee Cybersecurity Training

When it comes to small business cybersecurity, you could be doing everything right, but it just takes one wrong click from a well-meaning employee to undo all your hard work. Here’s what to cover during business cybersecurity training for your team.

One of the most overlooked steps to small business cybersecurity is employee education. Cybercriminals are stepping up their game and increasingly targeting small businesses. Every employer must find the time to educate its team members about digital safety. The global cost of cybercrime is projected to reach more than $2 trillion by 2019. It’s worth taking the time to provide thorough cybersecurity training to your employees. While doing so, make sure to include the following topics.

  1. Spear Phishing Emails Are on the Rise

Spear phishing is a more sophisticated form of phishing in which criminals target a particular victim rather than a wide audience. These emails often appear to be sent by legitimate sources, such as a colleague or trusted vendor, and are designed to trick the recipient into providing personal information, like a credit card number or password.

Spear phishing emails targeting employees increased by 55 percent in 2015, according to research from Symantec. Warn your team to:

  • Be skeptical every time they’re asked for personal information.
  • Hover over links and email addresses to check that the target URL is credible.
  • Refrain from downloading attachments unless they’ve verified the sender.
  • Ask you or your outsourced IT services provider for help when in doubt.

  2. The Art of Password Management

Cybercriminals use software that helps them guess people’s passwords. Do not make their job easier. Teach your employees the importance of creating effective passwords. You can also consider implementing a password management tool for employees to use as an added security measure. Your cybersecurity training should include the following tips:

  • Do not use the same password for everything.
  • Do not use real words that can be found in the dictionary or obvious things like the name of your business.
  • Use a combination of numbers, uppercase and lowercase letters, and symbols.
  • Change passwords on a regular schedule.

  3. The Web Can Be a Dangerous Place—Get Out of Autopilot

It’s easy to be lured into a false sense of security as you browse the web. It’s so familiar, and you may have been using it without incident for work and personal purposes for some time.

Business owners must teach their employees that the internet can be a dangerous place. In fact, nearly 75 percent of legitimate websites have security vulnerabilities that could put users at risk. Business owners need to:

  • Create guidelines for appropriate digital behavior. Seedy content breeds seedy behavior, so keep your employees off inappropriate sites at work.
  • Teach employees that legitimate sites can have vulnerabilities.
  • Install and maintain an enterprise-level firewall coupled with safeguards such as a subscription for content filtering and intrusion protection.
  • Use anti-virus and anti-malware programs that include “safe search” features that help flag sites that have been compromised.
  • Consider partnering with a managed IT services provider who can make sure your business implements these steps correctly.

These tips are just the beginning. Cybersecurity training for every employee, even administration and management, proves itself to be invaluable in the event of a potential threat. For more information on what your employees need to know about small business cybersecurity, including what to do when they click a link they shouldn’t have, check out An Employee’s Guide to Preventing Business Cybercrime.

Anderson Technologies is a St. Louis IT consulting company that can help your small business educate its employees about effective cybersecurity practices. For more information on our cybersecurity training services, call 314.394.3001 today.