Why You Must Educate Your Employees about Cybersecurity (and How)

With all the news coverage of major data breaches and cyberattacks on well-known corporations, cybersecurity remains a hot topic. There is, however, a common misconception among small and medium-sized businesses that these attacks target only the big players. Possibly because the media focus on the scandalous threats to well-established companies, everyone else is easily led to assume that their enterprise is somehow too small and irrelevant to be at risk in the first place.

But this couldn’t be further from the truth. Here’s why you need to rethink your cybersecurity efforts and how you can train your employees to minimize the risk of an attack.

Small businesses are at greater risk

Reports have shown that in 2017 alone, 61% of data breach victims were businesses with fewer than 1000 employees. Not only that, but cyberattacks on small businesses tend to be more consequential, since most small enterprises lack the capacity and resources to deal with the aftermath of an attack. Unsurprisingly, research shows that 60% of small businesses would close within 6 months of a data breach.

All of this provides a compelling reason for every company, regardless of its size, to take cybersecurity seriously. But here’s the catch: cybersecurity has to be a company-wide mindset. Without that mindset, where every employee is well-trained in cyber-literacy and aware of the possible threats, even expensive IT security systems won’t be enough.

Most attacks rely on human error

Essentially, it all comes down to this one simple fact: hackers look for the simplest way into a system, and they start with the places where employees are not vigilant enough. For example, they’ll try to crack the administrator credentials, knowing that many companies use weak and predictable passwords, and even reuse them across multiple systems.

Another common type of attack, which relies entirely on human error, is phishing. This practice involves posing as a legitimate institution or authority to convince unsuspecting victims to give out information such as login credentials, credit card details, etc. The perpetrator establishes communication most often via email, but it can also be through text message or a phone call. Phishing emails can also carry attachments which install malicious software when opened or downloaded. This is where your company’s safety depends entirely on your employees’ awareness.

That’s why cybersecurity starts with teaching your employees basic IT security principles before all else. This involves:

  • using strong passwords
  • creating unique passwords for each account/system
  • learning how to recognize phishing emails
  • being cautious with opening links and emails from unknown sources
  • monitoring accounts for irregular activity
  • knowing what to do when being asked to give out sensitive information
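As an added example (not part of the original article), the following script turns the phishing-recognition cues above into automated checks run over two constructed sample emails: a display name that claims a trusted organisation while the address belongs to another domain, a lookalike domain, a Reply-To that diverts replies elsewhere, and attachment types that execute code when opened. The trusted domains and sample messages are hypothetical values invented for the demonstration.

```python
"""Phishing-indicator checks over constructed sample emails (added example)."""
import re
from email.utils import parseaddr

# Hypothetical: brand keyword -> domain the company actually uses for that brand.
TRUSTED = {"acme": "acme-corp.example", "firstbank": "firstbank.example"}
# Attachment types that run code (macros or scripts) as soon as they are opened.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".docm", ".xlsm"}


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def normalise(domain: str) -> str:
    """Collapse common digit-for-letter substitutions so lookalikes compare equal."""
    return re.sub(r"[^a-z]", "", domain.lower().replace("1", "l").replace("0", "o"))


def check_email(headers: dict, attachments: list) -> list:
    """Return human-readable indicators; an empty list means nothing was flagged."""
    findings = []
    name, addr = parseaddr(headers.get("From", ""))
    from_domain = domain_of(addr)
    for brand, domain in TRUSTED.items():
        legitimate = from_domain == domain or from_domain.endswith("." + domain)
        # 1. Display name invokes a trusted brand, but the sending domain is not theirs.
        if brand in name.lower().replace(" ", "") and not legitimate:
            findings.append(f"display name '{name}' but sender domain '{from_domain}'")
        # 2. Domain differs from the real one only by swapped characters.
        if not legitimate and normalise(from_domain) == normalise(domain):
            findings.append(f"lookalike domain '{from_domain}' resembles '{domain}'")
    # 3. Replies would go to a different domain than the apparent sender.
    _, reply = parseaddr(headers.get("Reply-To", ""))
    if reply and domain_of(reply) != from_domain:
        findings.append(f"Reply-To domain '{domain_of(reply)}' differs from sender")
    # 4. Attachments of a type that executes on opening.
    for fname in attachments:
        ext = "." + fname.rsplit(".", 1)[-1].lower() if "." in fname else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"risky attachment '{fname}'")
    return findings


# Constructed samples: one benign internal notice, one spoofed password-reset lure.
SAMPLE_EMAILS = [
    ({"From": "Acme Corp IT Support <helpdesk@acme-corp.example>"}, ["policy.pdf"]),
    ({"From": "Acme Corp IT Support <it-helpdesk@acme-c0rp.example>",
      "Reply-To": "reset@mail-verify.example"}, ["Password_Reset.docm"]),
]


def run_samples() -> list:
    return [check_email(h, a) for h, a in SAMPLE_EMAILS]
```

Running the samples yields no findings for the benign notice and four for the spoofed lure; in training material, each finding maps directly to a cue employees are asked to look for.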

Remote work calls for enhanced caution

With an increasing number of companies offering their employees the flexibility of remote work, or even entire organizations relying only on digital offices, there’s a whole new level of awareness which employees need to adopt. If your company relies on remote work to any extent, make sure to establish clear guidelines regarding working in public spaces and on unsecured networks. This involves:

  • physically guarding company devices (including logging out of networks if a device is to be left unattended)
  • learning how to track a device in case of theft
  • knowing which operations shouldn’t be accessed on unsecured networks
  • being cautious when sharing external hard drives and flash drives, etc.

The danger of eavesdropping attacks

The so-called “man-in-the-middle” is one of the most common types of eavesdropping attacks. As the name suggests, this is a type of attack where perpetrators position themselves as the “middleman” in communications between users and systems. This position as a relay in conversations where company information is shared allows them to exploit everything from the conversations themselves (if they involve company secrets) and the exchanged data to real-time transactions. What makes this type of attack especially dangerous is that hackers have the ability to alter or corrupt the exchanged information without being detected.

To minimize the risk of this type of attack, companies need to use a robust VPN service and provide employees with password-secured company phones. Employees need to be trained to always verify the identity of everyone involved in a conversation, to question anything that seems off about how a conversation is being conducted and, most importantly, to report anything suspicious right away.


Take your time to develop an effective cybersecurity awareness program, where you’ll cover the basics as well as establish ongoing training that focuses on both the persistent threats and the most recent types of attacks. Hackers are creative in finding new ways to compromise networks and deceive people to give out information. Investing in company-wide cybersecurity training and fostering a security-minded approach is the first step to lessening your risk of an attack.

© 2019 Created by Jo Knox. HR Daily Community.