The Importance of Training Employees on Cyber Security


After the recent cyber intrusions into multiple companies, experts are advising businesses to focus as much of their attention on patching their employees as on patching their networks and computers. According to industry and government research studies, “over 90% of all cyber attacks are successfully executed with information stolen from employees who unwittingly give away their system ID and access credentials to hackers.” The hackers often use a method called spear phishing: they send targeted fake emails asking recipients to open attachments or click links that download malware onto the user’s computer, giving the attacker unauthorized access to the company’s network. Wesley Simpson, the COO of (ISC)2, a non-profit organization which specializes in information security education and certifications, suggested that organizations “need to consistently update employees with the latest security vulnerabilities and train them on how to recognize and avoid them.” Here are some tips on training employees on cyber risk and prevention:

  1. Having employees undergo live simulations of cyber attacks is considered the number one way of training. (ISC)2 often performs phishing tests, during which their IT department sends out a realistic phishing email to the employees without warning to see how many people take the bait. That way, they can tailor the training to the specific type of phishing email that is more likely to persuade their employees to click on it.
  2. Simpson advised that “to have a good cyber plan, you have to have line items in the budget for people, hardware, or software, year over year. That means getting the CFO, CIO, and CEO on board.” Cyber security products and services are among the best and most important investments a company can make, because they lower the risk of cyber attacks, which can be both costly and damaging to the company’s reputation.
  3. Ingraining cyber security in a company’s culture is very important in keeping employees constantly aware of potential cyber attacks and risks. It forces them to think twice before clicking an attachment or link in a suspicious-looking email, or before giving out company or personal information over the internet, whether in the workplace or at home.
  4. Regularly scheduled evaluations of networks, systems, and employees keep companies up to date on how vulnerable they are to a cyber attack or intrusion. This also allows them to see the progress of their training and identify any problems with the training that they need to address.
  5. Employees should receive continuous and regular training sessions so they can learn how to prevent new methods of cyber attacks and intrusions. Similar to how operating systems must be constantly updated to fix vulnerabilities in the system, employees must be constantly kept up to date on the new versions of malware that hackers release so that they don’t fall prey to them.