We live in an era where online privacy or safety is not always guaranteed. Every little blip of information sent out across the internet is subject to attack. From your family photos to your social security number, everything is up for grabs. Even digital natives struggle with identity theft and hacking. For those who are unfamiliar with online threats, these risks can be even greater. While this open season on personal information may seem an insurmountable obstacle, your company cannot afford to give up sensitive customer and company data. Cyber security training for beginners is a crucial element of any employee training.
Who needs cyber security training for beginners?
The short answer is this: everyone.
If an employee uses a computer for company business, they need to know how to keep company data safe. We take our computers’ security systems for granted, but hackers are growing increasingly sophisticated, embedding complicated malware to gain access to data.
Educating employees on cyber security is an important, ongoing part of their training.
Where to start with cyber security training for beginners?
As with all employee training, cyber security training for beginners starts at the top. While it’s a rare executive who will dismiss the importance of securing a company’s data and information, sometimes you need to justify the cost of developing a new training program.
For example, executives may assume that in this day and age, most people understand how to keep themselves safe online. This just isn’t so. The primary access for hackers is the “human attack surface” (employees in contact with a computer). By 2021, an estimated four billion people will have regular access to computers.
The real bottom line? Cyber attacks in the U.S. cost an average of just over seven million dollars as of January 2017, with the cost of a data breach per client record averaging $225. What does this mean for your company? If you only stored 1,000 client emails, a data breach could already cost your company $225,000.
After the CEOs are on board, a training needs analysis can help you figure out where your employees are in terms of basic knowledge about cyber security. If they are still using their name as their password, you have some work to do.
Once you have buy-in from the top and know what your employees already know, it’s time to set goals for your cyber security training and identify what resources you already have in place. These two steps set you up for success and move you towards designing eLearning courses or other digital learning methods to deliver important information.
Next, you'll consider your approach. Some companies take a more humorous or light-hearted approach to cyber security training for beginners, staging “live fire” exercises or role-playing a cyber attack. While this approach may not be for everyone, if your company likes to think outside the box and try new tactics to engage employees, this might be just the thing for you. Other companies may prefer easy-to-access microlearning resources.
Finally, cyber security training (for beginners and more experienced employees alike) should be ongoing and frequently updated. Hackers are constantly creating new ways to get at your information. Updated information is an important element of employee cyber security education.
What should my cyber security training for employees cover?
Cyber security training isn’t just a phrase your employees throw around on their way to the conference room. The safety and security of your company data and the data of your customers depend on what your employees know.
At the end of their training, here are the four crucial things your employees should know, understand, or be able to do.
1. How to update passwords often and responsibly
Passwords are a hot-button issue for most employees. A 2012 analysis of passwords stolen by hackers looked at the most common passwords. The number one password of 2012? “Password,” followed closely by “12345.”
Another analysis of six million username and password combinations found that nearly 92% of these accounts used one of the most common passwords (with the top contender being – you guessed it – the always hackable “password”).
- Use two-factor authentication (2FA): This forces the user to enter not only the password but also a randomly generated single-use code or the answer to a previously set up security question.
- Set up different passwords for different sites: Social media and web forums are notorious hacker trolling sites. Don’t use the same password for company email as you do to access Facebook.
- Use randomly generated passwords: You know those crazy, random passwords that a site gives you to use the first time you log in? Instead of changing the password to your dog’s name, create a similar random password that is at least eight characters long and combines numbers, letters, and special characters. A password like this is nearly impossible to hack.
- Consider a password manager to remember your passwords: Employees change their passwords to something easier so they can remember them. Password manager apps may be able to safely store those long, hard-to-remember passwords.
- Prompt employees to update passwords on a regular basis: Let your employees know during training that they can expect ongoing, automated reminders to update their passwords for critical business programs. A 90-day schedule is a good place to start.
These cyber security tips can be easily delivered with microlearning tools. Standardize the process so employees know how to create impenetrable passwords and change them when needed.
2. Who to ask when they have questions
When employees have a question, do they know whom to ask?
This seems simple, but in organizations both large and small it can be challenging to know who deals with questions surrounding cyber security for employees. Make sure your training shares this information, and frequently. After the training, send an automated email or text to employees with the contact information again.
3. How to identify different phishing attempts
Nearly 91% of cyber attacks start with an email. In 2014, phishing attacks cost companies all over the world $4.5 billion.
Employees need to know how to identify phishing attempts through email, voicemail, and text. Train your employees to look for unidentifiable names, unrecognized links, or thinly veiled threats, and to forward suspicious messages to the IT department for investigation.
4. How to avoid downloading malicious software
As with phishing attempts, employees need to know how to spot malicious software. One little download can infect an entire system within minutes, burrowing deeply into sensitive files.
As a general rule, employees should not be downloading anything to their own computers without approval from the IT department. Warning signs of malicious downloads include slower speeds, more pop-ups, disabled antimalware, an inability to uninstall the software, and an end-user license agreement that looks like a four-year-old wrote it.
Effective cyber security training is arguably the most important part of an employee’s training. Addressing the sheer scope of the threat of cyber attacks can be intimidating; however, EdgePoint Learning can help you through the process with custom eLearning tools and resources. Get in touch today.