Train Your People!

From real-time breach detection, to penetration tests, internal threat scans, data-loss prevention, multi-factor authentication, and more this year businesses will spend billions on IT security tools.

And, though CRITICAL to protecting the network and ensuring business continuity, none will defend your company against unsafe employee behavior or compromised user credentials.

People are Critical

If people are the first line of a strong cyber-defense-in-depth strategy, why are the majority of users dangerously ignorant and wildly unprepared to combat the criminal threat? Why do up to 99% of cyberattacks result from human behavior?

While New York (and other states) are beginning to mandate employee cybersecurity training, educating our workforce takes a low priority, especially for companies not required to do so.

So, since your defenses are only as strong as your weakest link, and protecting company assets and sensitive data is an obligation we all share, here are THREE THINGS you can do to prepare your team and harden your security.

ONE - Make cybersecurity training mandatory for all employees

Regardless of who they are, how long they’ve been with the company, or how computer savvy they may be, cybersecurity training must be mandatory for your entire team. New employees should receive training as part of the onboarding process, and an annual refresher course should be held to keep those front line defenses sharp and ready.

TWO -  Include simulated social engineering attacks as part of your penetration testing

Training is step one, but how employees react at “game-speed” is completely different. Make sure Red Team/Blue Team drills include things like phishing emails, phone calls or even messages on social media. Today’s criminal is a creative and sophisticated technologist; your testers should be as well.

THREE - Corporate culture

Consistent cybersecurity messaging should flow through your office until it permeates your organization and becomes second nature. October is National Cybersecurity Awareness Month and a great time to start. Send weekly emails about staying safe online, begin/end company meetings with a brief security conversation, and keep on premise data centers/server rooms locked. Set the tone and expect excellence.

Protecting your business doesn’t have to be expensive, but it must be done – regardless of compliance! You’re not required to lock your door, but you’d never leave your office unlocked…right?