That is a scary number! If you have 100 employees, more than half of them don’t know what ransomware is, nor do they have any IT security awareness whatsoever. A single email could bring your company to its knees in a few minutes if it were processed by one of these unaware employees. They can be victims of phishing, vishing, social engineering, shoulder surfing or any other kind of cyber-attack without even knowing it. Patching, upgrading and securing your IT network infrastructure is never enough. Employees need to be educated, aware and always cautious when it comes to IT security and breaches.
Most of the time, financial decision makers don’t want to invest money in hardening the security of their company. What makes it worse is that some of them don’t even see it as an investment and consider it spending, or even a waste of time and money, without realizing that if the company is compromised they will have to go through at least the following:
- Shut the internet down. You need to cut the source.
- Freeze business operations.
- Shut down some servers and workstations.
- Pay for urgent and expensive man-hours to track, troubleshoot and kill the attack.
- Spend hours investigating your employees.
- And the list goes on.
This could ruin a day, a month or even years of business and company reputation, causing a financial disaster. What is worse, your company may not fully recover, at least not any time soon.
Understanding that spending money on educating employees about cybersecurity is actually an investment will save you, your company and even your employees from headaches, wasted time and financial crises. There are different ways to make sure that you’re putting your money in the winning spot when it comes to cybersecurity awareness:
1. Enforce security policies:
   - Change passwords.
   - Wear badges.
   - Use tokens.
   - Change roles.
   - Multi-type authentication.
   - Limit privileges and access.
   - Harden security software and hardware.
2. Training sessions: put your employees through periodic training sessions.
3. Keep them informed:
   - Send them educational and informative emails about cybersecurity.
   - Subscribe them to blogs and news that send daily, weekly or monthly updates.
4. Invest extra time and money to actually put your company's systems and employees under attack:
   - Hire people to do white, black and gray hacking attacks.
   - Try phishing, vishing and social engineering and check how your employees respond.
5. Set challenges and give rewards:
   - Set exams, for example after each session, and reward the winners.
   - Test as mentioned in (4) and reward the most cautious actions and responses.
6. DO NOT PUNISH:
   - Expect the worst from your employees when it comes to cybersecurity.
   - Never punish your employees for the IT security mistakes they make.
   - Educate them as much as possible.