We’ve all heard the horror stories.
Someone in the organization clicked a link in an unexpected email and malicious software was installed on their computer.
Or, someone in the organization visited a sketchy website that tricked them into giving up corporate login credentials.
Or, someone received a text message on their phone purporting to be from the CEO asking them for information.
Or…or…or…
All these scenarios can be minimized by providing appropriate training to staff. This training should be about responsibilities and actions every staff member needs to understand.
We’ve all heard about the importance of cybersecurity awareness for everyone in our organization. But often we get paralyzed with knowing how to get started.
There are some things you can do to get started that will raise staff understanding and improve the protection of organizational information.
Here are 5 tips for doing cybersecurity awareness at your organization
- Get buy-in from the owner or top executive. Cybersecurity awareness training is a part of the risk management of the organization. The top executive should understand the value to the organization with the investment in training. The culture of any organization will reflect the attitudes and values of the top influencer. If there is to be value in cybersecurity awareness it must be understood and communicated from the top.
- Take advantage of free training videos. You don’t need a contract with a high-end vendor to get started! YouTube hosts an 8-part series of short videos from the National Cybersecurity Alliance addressing topics such as phishing and passwords. Send out an email every other week with one of these videos, and with Top Executive approval require everyone to watch. Here’s a link to the YouTube playlist – Security Awareness Episodes
- Encourage communication when people receive scams or phish emails. Often when one person in the company receives a phish-y email others will also. Encourage them to let each other know they received this. Post a message in the company Teams or Slack. Talk to the person in the next cubicle. Get ahold of your Tech Folks and maybe they can block further messages from that email account or domain. People do better when they are talking to each other.
- Have regular “Lunch And Learns” to discuss a specific topic. You might try to have a monthly or quarterly gathering of staff to discuss a specific cybersecurity topic of relevance to your organization. Ask several people to bring a recent news story about a breach at another company. Discuss ways your organization is taking steps to prevent that type of attack. Occasionally bring in an outside expert to share their perspective. You could even contact SureDefense Strategies for someone to do this.
- Celebrate someone catching a scam. When someone does receive a particularly tricky phish or sms, and they don’t click but rather let others know, celebrate the win! Give them a Starbucks gift card or some company swag (not junk, but something of value). Make sure others know this is being done and the enthusiasm for catching scams will grow.
Yes, there are more things you can do to improve cybersecurity awareness, but this will get you started.
When you have questions, get ahold of SureDefense Strategies and we can help you navigate this maze.
