TOP 5 Reasons why we should improve the awareness of our employees on the cyber security topic
In the cyber security domain, we often focus on protection, response, investigation, compliance, etc. It is usually assumed that every cyber security measure we enforce, be it a technology or a process, is seen merely as a restriction, an overhead to the daily work of people and the business operations. For example, we often say that the most secure device is the one that is turned off, right? But maybe we are not presenting the matter properly to our employees in the first place, which results in the perception we see today. The user is not happy with the endpoint DLP sniffing on his device for some sort of important data and trying to block all attempts to send out data that it deems unacceptable. But the truth is, nobody has explained to the users why this is necessary and what’s in it for them. The same goes for trainings: usually, internal trainings are underestimated, ignored, and considered a waste of time. Indeed, there is much to improve in the way we train people on a certain topic. To make these trainings effective, we also need to change the perception and attitude of the people. Thanks to companies like CybeReady, which make the trainings very short, interactive, easy and fun, and which simulate real-life scenarios, we’ve seen some progress in terms of the training approach, but we are still failing to explain to our employees and management why this should be taken seriously. So in the next paragraphs, we have summarized the top 5 reasons why a company should invest more effort in training its employees and how the employees can benefit from it.
1. Protect your employees
First things first. The most important asset of many companies is their people. Our everyday life is highly digitized, and nobody explained to us how and why we should ensure at least a minimum level of protection for our digital identities and activities. We naively believe that our ID number makes a great password, and that if an email claims to be from our bank, then it really is. But no one taught us any better; we had to figure out these mistakes by ourselves while still doing our daily jobs, being parents, etc. By introducing an interactive and engaging mechanism to train people on the basics of cyber security measures, companies will improve their employees’ understanding and empower them to protect their digital activities. That will save them money, frustration, fear, shame, etc. On the other hand, what would happen if a person infected their company device by opening a malicious email or browsing to a malicious website? Well, chances are that they might be fined or even fired. So yes, by improving employees’ knowledge and awareness we do protect them, both in their personal lives and at work.
2. Contribute to society
The surest way to prevent hackers from using a certain attack vector is to reduce the success rate so the effort is higher than the benefit. When people know how to identify the threat and to avoid it, hackers will stop using that vector. On the other hand – the human is a social being and is constantly trying to find ways to socialize and be around other people. And most often, when someone is familiar with certain threats and how to avoid them, they gladly share with friends, family and relatives, thus improving the overall awareness even more. In other words – knowledge is the best prevention.
3. Earn the respect of your employees
Creating a cyber security awareness program that is interactive and easy to understand is not a simple task and often requires quite some effort, dedication and investment. The easiest thing to do is to send your employees 5 links to videos on YouTube and tell them “watch these, and educate yourselves”. However, this doesn’t really work. It shows your attitude towards these trainings and you cannot expect more from your employees. When the company invests in a more interactive and continuous approach that is understandable for the workers and also rates their success and efforts, then they think – “hey, they really care, it’s not just a tick in a box”. That makes them respect the company and gets them even more engaged.
4. Reduce human-centric cyber security breaches
Well, we cannot ignore that reason, right? It is clear that the ultimate goal is to reduce the number of breaches. For the last few years, cyber criminals have identified the human as the weakest link in the security defense and have turned their focus on them. The better our employees are prepared to identify and react properly, the better our organization and data are protected. Researchers estimate that human error was the cause of between 60% and 95% of the cyber security breaches. Even the lowest percentage rate is still very significant, and if we are able to reduce it, it will make a huge difference. There will be a huge difference for people as well: being able to identify and prevent the breach, instead of contributing to it. This will boost their self-confidence, reputation and satisfaction, which will result in better work results.
5. Meet regulatory requirements
Last but not least comes the fact that nowadays we need to comply with all sorts of standards and regulations. More and more of them include the requirement to train and educate people. Failing to comply with those regulations often results in penalties, poses a risk to the company’s reputation and can even lead to missed business opportunities. Some auditors are very thorough and check things not only on paper and with the management, but also with the employees, to understand if the measures are really applied as described. It is so much better to be in a position to confidently and calmly explain and even show what the company is doing to improve its cyber security than to fuss and hesitate about it.
In light of all of the above, there is no reason not to implement a cyber security awareness program. The only real constraints can be resources, time, knowledge and investment. And this is exactly where we can help! Thanks to our partnership with CybeReady, we can create an automated, continuous, multi-lingual, easy and interactive cyber security awareness program and manage it for you.
If you want to achieve the above five points, but are not sure how – join our webinar on the 10th of September, and learn how to do it from our experts Lyubomir Tulev and Mike Polatsek. You can also contact us directly and we’ll talk about it.
About the author
Pavel Yosifov
Business Development Manager
Pavel is a Business Development Manager for the Cyber Security portfolio of BULPROS Group. For the previous 10 years, he has been acting as CTO of a leading Bulgarian implementer of information security solutions.
Pavel has vast experience in selling, implementing and supporting various Cyber Security solutions in organizations from various industries and of all sizes. With over 13 years of experience in IT, over eight of which were spent working in the field of Cyber Security, he has solid technical expertise, a rich history of good partner relationships, and successful years in management and business development roles.