Cyber Awareness Training for Employees: Empowering Employees to Be Your First Line of Defense Against Cyber Attacks
Think your organization is too small to be the target of a cyber-attack? Criminals are targeting local governments of all sizes – even quaint, picturesque towns in BC – for fraud, malware and other nefarious activities. As local governments store private data and operate critical services, they are at risk of experiencing a cyber-attack.

To build up cyber defenses, in addition to technical security measures, many workplaces require cybersecurity awareness training for employees. A comprehensive and engaging training program that reinforces positive behaviours can help reduce the risk of a cyber breach. Training is one critical layer of a defense-in-depth strategy - a survey of over 500 IT professionals in Canada found that 95% indicated that end-user training is effective in reducing incidents and/or risky online behaviour. It is also becoming more common for insurance companies to require training for cyber policies.

When looking for a training program for your organization, we recommend one that combines phishing simulations and cybersecurity courses with the following features:

1. A personalized cyber risk score and rich reporting

Platforms that engage users in a series of initial training activities that generate a personalized baseline risk score will allow users to develop a sense of accomplishment. Through ongoing training activities – monthly phishing tests and supplementary courses – users will see if they can lower their risk score.
14 | GFOABC.CA
Platforms that allow admins to view the overall risk score for the whole organization along with training data and reports are particularly useful. These features help identify new processes or tools that will improve cybersecurity.

2. Content that covers all the cybersecurity basics

The best platforms allow users to easily jump right in and get started with a series of courses that cover cybersecurity basics, from password managers to VPNs. It is beneficial if each course has a quick quiz at the end to test their knowledge with results that feed into the user’s personal cyber risk score. Most importantly, your platform should include Canadian content such as stories that are close to home, Canadian stats and references to Canadian organizations and laws.

3. Opportunities to build the habit of reporting suspicious emails

The most effective platforms include phishing simulations, so users learn common red flags used in phishing emails and get into the habit of thinking twice before clicking on suspicious links. Platforms that send fake phishing emails to employees’ inboxes are particularly effective, especially if a user’s risk score improves each time they forward fake emails to the reporting address. Regular phishing simulations can reduce clicks by 60% within one year.

The more users that learn and follow cybersecurity best practices, the fewer incidents your organization will be exposed to.