
Cyber Awareness Training for Employees: Empowering Employees to Be Your First Line of Defense Against Cyber Attacks
Think your organization is too small to be the target of a cyber-attack? Criminals are targeting local governments of all sizes – even quaint, picturesque towns in BC – for fraud, malware and other nefarious activities. As local governments store private data and operate critical services, they are at risk of experiencing a cyber-attack.
To build up cyber defenses, in addition to technical security measures, many workplaces require cybersecurity awareness training for employees. A comprehensive and engaging training program that reinforces positive behaviours can help reduce the risk of a cyber breach. Training is one critical layer of a defense-in-depth strategy. A survey of over 500 IT professionals in Canada found that 95% indicated that end-user training is effective in reducing incidents and/or risky online behaviour.
It is also becoming more common for insurance companies to require training for cyber policies. When looking for a training program for your organization, we recommend one that combines phishing simulations and cybersecurity courses with the following features:
1. A personalized cyber risk score and rich reporting
Platforms that engage users in a series of initial training activities that generate a personalized baseline risk score will allow users to develop a sense of accomplishment. Through ongoing training activities – monthly phishing tests and supplementary courses – users will see if they can lower their risk score.
Platforms that allow admins to view the overall risk score for the whole organization along with training data and reports are particularly useful. These features help identify new processes or tools that will improve cybersecurity.
2. Content that covers all the cybersecurity basics
The best platforms allow users to easily jump right in and get started with a series of courses that cover cybersecurity basics, from password managers to VPNs. It is beneficial if each course has a quick quiz at the end to test users' knowledge, with results that feed into the user’s personal cyber risk score.
Most importantly, your platform should include Canadian content such as stories that are close to home, Canadian stats and references to Canadian organizations and laws.
3. Opportunities to build the habit of reporting suspicious emails
The most effective platforms include phishing simulations, so users learn common red flags used in phishing emails and get into the habit of thinking twice before clicking on suspicious links. Platforms that send fake phishing emails to employees’ inboxes are particularly effective, especially if a user’s risk score improves each time they forward fake emails to the reporting address. Regular phishing simulations can reduce clicks by 60% within one year. The more users who learn and follow cybersecurity best practices, the fewer incidents your organization will be exposed to.
If you are looking at training options, the MIABC has partnered with CIRA to offer a single platform that combines phishing simulations and courses. MIABC members can contact us at askusanything@miabc.org for more information and nonmembers can contact CIRA directly.
ERIN HUTCHINSON joined CIRA’s Cybersecurity Services team as Product Marketing Manager, bringing several years’ experience working on the .ca domain team. She is a champion of CIRA’s Cybersecurity Awareness Training platform and passionate about developing cybersecurity educational materials that help fight against the ever-evolving tactics of cyber criminals.