Cyber security awareness should be at the forefront of every small and medium-sized business. Most businesses now have one or more connections to the Internet, and not all of them have a solid infrastructure in place to deal with or mitigate the many cyber security threats that are out there in the wild.
These 7 tips will help you succeed in educating your own employees about those threats.
- Talk to your employees about cyber security. Hold lunch and learns and distribute notices in the lunch room to keep the idea of cyber security awareness in their minds. Explain the potential effects of a cyber security breach on your organization, and review and sign the company IT policies on a regular basis.
- Top management should be some of the most critical followers of cyber security awareness. Social engineering targets the top management of companies in spear phishing attacks because they generally have greater access to company resources. The financial and damage payoff to would-be attackers is much greater if they target the top management in any organization. IT staff and management should also be included in this, as they often have greater than user-level abilities on the networks.
- Have regular cyber security training sessions to reinforce the information that employees sign when entering the company, and make cyber security awareness part of onboarding a new employee. Explain that the training can help them secure their computers at home as well as at work. Also explain the dangers of using free public internet in cafes or hotels.
- Warn employees of the dangers of social engineering. They should be aware of the risks of using social media, unknown blog sites, or suspicious links while on work devices or corporate mobile devices. Many cyber security incidents begin as a harmless-seeming phone call seeking information about the company and its operations.
- Train employees to recognize the signs of a cyber security attack, and have step-by-step instructions on how to report a cyber security incident. Include things like turning off your computer, notifying the IT helpdesk, reporting any suspicious emails, and reporting a lost mobile device or laptop. Make sure that you have a disaster recovery plan and a business continuity plan in place in case you do get attacked.
- If an incident does occur, let your employees know. A lack of transparency about a cyber security incident can make the event much worse. Issue instructions on how to deal with the media or public about the incident. Develop an internal communications plan and have a PR strategy in place. Think about investing in insurance to mitigate the risk of cyber security incidents.
- Regularly test your employees, and make it fun and rewarding with incentives for fast responses. Ways to test might be to send out a fake phishing notice to see who reports it, or to drop a USB HDD on the ground somewhere to see who hands it in.