10 Tips to Help Your Non-IT Staff Become Cyber Smart

Tips to Help Your Non-IT Staff Become Cyber Smart

Cybersecurity breaches continue to be on the rise. Of these breaches, 95% are caused by human error. Of course, employees do not intend for these errors to happen and most feel embarrassed and frustrated when a breach occurs due to a mistake that they made. With the percentage of cyber incidents being greatly impacted by regular non-IT employees, security professionals and the industry has deemed “employees the weakest link” for years. However, this does not solve the issue. Many are now suggesting that we rephrase and reposition this idea so that employees can be your greatest protectors. They can be cyber smart and protect your valuable data! Employees have the power to make an impact during their everyday interactions online and it is up to the IT security team, human resources and upper management to provide the necessary tools for them to be able to yield this power. So, what are some tips that can help you to make it so your non-IT staff to follow security policies?  Check out our top ten tips to help your staff become the cyber smart staff that you need them to be:   

  1. Build a culture of security. Create a culture where all upper management and staff are prioritizing online security more than once per year. Provide cyber-tips in regular communications such as newsletters, staff meetings and one on ones.  
  2. Ditch the annual training. Yes, annual training used to be sufficient, but with cybersecurity breaches increasing, companies need to look at training on a semi-annual or quarterly basis. Cybersecurity courses such as the CompTIA A+ certification training or network+ certification training all include components of security awareness and will also provide your team with invaluable skillsSecurity+ certification or CySA+ certification training are also excellent options. If the IT professional courses are beyond your team right now, consider a continuing professional development webinar on cybersecurity for the user. These free webinars are a great way to increase awareness for your team if you are a small or mid-sized business trying to keep costs to a minimum.  
  3. Include information on how to be safe online at home and on personal devices. Even if your company is not using BYOD, there are many times organizations allow individuals to access cloud information at home or on the road. The safer your staff is at home, the safer the company is. Considering most people re-use passwords, how safe your employees’ personal information is may have a direct impact on your company information.  
  4. Ensure proper password management. Training on password management and mandatory password updates are important factors to keeping your company information safe. Take the time to help staff understand that unique passwords are much more difficult to crack and can be the difference between a cyber attack being successful or unsuccessful.  
  5. Teach your staff about phishing scams. The best of us can fall victim to a phishing scam, but providing cybersecurity awareness training that focuses on paying attention to subject lines, suspicious links and never sharing sensitive data via email is important for the overall protection of the company.  
  6. Update applications whenever an update is ready. Yes, these updates can be irritating and they often seem to pop up at the most inopportune times, but getting these done as soon as they are available should be an important component of your team’s IT security plan 
  7. Never use public wifi when conducting work, when using a work device or on a cloud platform that contains work materials.  
  8. Include a cyber awareness component in your onboarding process. The next cyber awareness training may be months out. Onboarding is a time when you have your new staff’s attention, use it to protect your company.  
  9. Use live-fire simulating attacks and reward employees who are successful rather than shaming those who were not. Highlight those who were able to recognize and attack and ask them to share their success at the next staff meeting. Everyone enjoys being highlighted and praised. 
  10. Instruct employees on who to call when they suspect a breach. They should have access to primary and secondary contacts to ensure a rapid response to minimize the effects of a potential breach.  


If you want to learn more about how to protect your company, check out our previous blog on Why Your CISO Needs Support to Protect Your Business. 


Written by: Marla Ovenden-Cooper 

 

Comments

Post a Comment

Popular posts from this blog

What is Ethical Hacking?

Quite often, information security professionals are required to have CEH certification, which means they have the knowledge of ethical hacking and are able to perform it as part of their work responsibilities. Ethical hacking, which is also referred to as penetration testing or intrusion testing, is an essential part of assessing the vulnerability and weakness of computers, networks and information systems. As a result of ethical hacking, security specialists identify the risks of real attacks and take measures to protect the organizations they work for. It is recommended that IT specialists take a certified ethical hacker course to understand the procedures of ethical hacking and the instruments they are allowed to use. They should adopt the mindset of a hacker for the duration of the penetration test and find out the answers to the following crucial questions: 1.        What can the possible attacker gain access to? What information or system is the most vulnerable and should
Read more

Why The CISSP Exam Changes

Image
If you’re looking to become a certified information systems security professional you need to get your CISSP Certification. In order to get your CISSP Certification, you need to take the CISSP exam. Before you take the exam, you need to get CISSP training, like the (ISC) 2 accredited CISSP exam prep course offered at TechnoEdge.   If you’ve been looking into taking the exam you may have noticed a recent announcement that the exam will be updated and changed in 2021. The CISSP exam is actually updated on a fairly regular basis. Typically, each update happens 3 years after the last. The CISSP has seen updates in 2012, 2015, and 2018. This may seem unusual, but there’s good reason for keeping the exam updated regularly.   A Rapidly Changing Profession Certified information systems security professionals are based in the technology sector, and the tools and knowledge required to perform their job are constantly changing and evolving. By updating the exam on a regular basis, the CISS
Read more

How to Get a Cybersecurity Job

Image
Cybersecurity is a booming industry and one of the best ways to get involved in the tech sector. There are hundreds of thousands of openings in cybersecurity with almost as many job titles to choose from. Ethical hackers, IT security managers, network security specialists, incident responders, and so many other positions are all viable options for a cybersecurity career. To help set you on the path to an exciting career in cybersecurity, we’re going to go over how you can find a job in the industry, and what you’ll need to stand out in the job market. Take Stock of What You Know If you’re already in IT and looking to specialize in cybersecurity, you can use your current skills to narrow down what role you’ll play in cybersecurity. If you’re skilled at writing and understanding code then you’ll be able to identify and protect against malicious code. You could even build on that existing skill by taking an ethical hacking course, like the one offered at TechnoEdge. Even if you do
Read more