Security Awareness Training is Essential for Small Businesses Educate your staff in the ways of cybersecurity to avoid any potential data breaches.
By Robert Siciliano Edited by Dan Bova
Opinions expressed by Entrepreneur contributors are their own.
Research from the Ponemon Institute claims that human error is responsible for approximately 80 percent of all business data leaks. It only takes one careless employee to cause a big issue. Here is an example: A worker in your office, Sally, is checking her personal email at work and opens one that promises she will lose 10 pounds within the next week. She clicks the link inside of the email and without her realizing it, this action installs a virus on to her computer. Not only is the virus now on her computer, it is also infiltrating the network.
Related: This Cybersecurity App Handles Your Company's Internal Weaknesses
As you can see, this scenario can happen to anyone, which is why it is imperative that owners of small businesses teach security awareness. How does one go about this? Try these tips:
- After presenting information about security awareness, come up with a scheme to set up a situation where employees are given the opportunity to open a very alluring link in their email. This is called a "phishing simulation." This link will actually take the worker to a safe page, but you must make the page have a message, such as "You Fell For It." You should also make sure that these emails look like a phishing email, such as adding a misspelling.
- The people who fall for this trick should be tested again in a few days or weeks. This way, you will know if they got the message or not.
- Don't make it predictable as to when you are giving out these tests. Offer them at different times of day and make sure that the email type changes.
- Consider hiring a professional who will attempt to get your staff to hand over sensitive business information over the phone, in person and via email. This test could be invaluable, as it will clue you into who is falling for this.
- Quiz your staff throughout the year, to allow you to see who is paying attention.
- You want to focus on educating your staff, not disciplining them. They shouldn't feel bad about themselves, but they should be made aware of these mistakes.
- Make sure your staff knows any data breach could result in legal, financial or criminal repercussions.
- Schedule workstation checks to see if employees are doing things that might compromise your business' data, such as leaving sensitive information on the screen and walking away.
- Explain how important security is to your business and encourage staff to report any suspicious activity.
- After training your staff and testing your employees, make a full list of all of the important concepts that they should understand. Examine this list frequently and then re-evaluate the list to see if any revisions are required.
Related: Cybersecurity Planning is Finally Demystified (Infographic)
Keep in mind that there is no such thing as sharing too many tips on security with your staff. Take the tips, post them around your workplace, and schedule things such as short seminars on security or workshops. This will help to keep this info fresh in the minds of your staff. Also, frequently recognize members of your team who commit themselves to security in the workplace.