Educating Employees on Their Role in Protecting Your Organization’s Cybersecurity
October 10, 2018
The growing number of data breaches and other cyber threats has increased businesses’ need for skilled personnel to help protect against these risks. Unfortunately, the demand for these roles is rising faster than the number of qualified employees available to fill them. A recent report by McAfee found that in a survey of 775 IT and cybersecurity decision-makers, 82% reported they have a shortage of cybersecurity skills within their company. The problem isn’t one likely to be resolved soon, as research by Indeed.com recently reported there are simply not enough candidates to fill those jobs. In the U.S., there are only two candidates for every three cybersecurity job vacancies advertised, and in other parts of the world, the problem is even further amplified.
To help address some of the biggest cyber challenges businesses are facing, a skilled cybersecurity team is necessary. Certainly, one long-term solution to this is to encourage more individuals to enter the lucrative and in-demand field. More programs are becoming increasingly available at universities and technical schools to help prepare interested students for a career in cybersecurity – such as the Center for Identity at the University of Texas. However, with 18% of businesses reporting that their existing cybersecurity team cannot keep up with the workload, it may be time for companies to consider how they can lighten the load by helping all employees to better understand the role they can play in helping to protect their organization’s cyber infrastructure.
Every Employee Can Help Reinforce Your Company’s Cybersecurity
In today’s digital age, every employee interacts with company devices and systems – whether it be laptops, cash registers, or time clocks. And every employee who utilizes a device connected to company systems should be educated on how that device can be compromised and affect the organization’s cyber infrastructure and data, as well as steps they should take to best protect those devices. This is especially important considering that employees were the cause of the majority of breached records in 2017.
The Identity Theft Resource Center has reported that the majority of data breaches last year were caused by employees accidentally falling victim to hacking, skimming, or phishing attacks. When employee activities do cause companies to fall victim to these common attacks, the financial fall-out can be crippling to some companies – the Ponemon Institute estimates such attacks cost businesses $3.8+ million on average! Considering these figures, it’s clear that most organizations have room to improve in their employee cyber education. True, it’s unlikely that any company will be able to completely eliminate all instances of falling victim to these cyber scammers, and cybersecurity professionals will always be necessary to help fortify a company’s data protection, but when cyber safety is integral to an organization’s culture the impact can be significant.
Start Creating a Culture of Cybersecurity during National Cybersecurity Awareness Month
October is an ideal month to start making cybersecurity a cornerstone of your company culture as it’s National Cybersecurity Awareness Month (NCSAM). This month, many public and private organizations, including ourselves, are working together to bring awareness to cybersecurity and the steps businesses and their employees can take to better protect themselves and the customers they serve. NCSAM has a vast library of educational resources available with best practices that your business can share with your employees throughout the entire year to help turn cybersecurity from an often-forgotten annual training, to an integral part of the way your company operates.
And key to turning cybersecurity into a culture is investing in quality, continual security awareness training that helps your employees understand their role in protecting your business from cyberattacks. Ponemon calculated the effectiveness of anti-phishing training programs and found that the average-performing program resulted in a 37-fold return on investment, even taking into account the loss of productivity during the time the employees spent in training. Companies can further foster education on cyber risks by holding educational lunches, posting relevant information around the office, and/or sending regular emails with security tips. It may also be helpful to create measurable goals and share the results within your company.
In creating this culture, it’s also critical that management reinforces the importance of keeping data safe and secure among employees. In fact, having upper-level management active in practicing good cybersecurity habits has an added benefit. High-level executives have become a targeted demographic for phishing attempts due to their ability to access information companywide. The FBI says that companies that become victims of this type of fraud are estimated to lose between $25,000 and $75,000 each and that companies nationwide lost $2.3 billion from 2014-2016.
Companies should also consider demonstrating their commitment to protecting data by offering an identity protection service as a voluntary or employer-paid benefit through a reputable provider like us, Generali Global Assistance (GGA). An added bonus of offering identity protection from GGA is that ours includes a resource library with content that can help educate employees on cyber safety best practices, and sends monthly identity risk status emails that help keep cybersecurity at the top of employees’ minds.
For even more tips on how your organization can better protect the data your company has been trusted to protect, download our white paper “Data Protection: Employer Obligations and Motivations” or sign up for our email newsletter.