In the past few years, hackers have become vastly more sophisticated, both at infiltrating systems and at eluding detection. Employee cybersecurity training, however, hasn’t evolved to keep pace with hackers’ increased savvy: while 84 percent of organizations experience staff-related security incidents, 60 percent of businesses admit their employees have no knowledge of security risks.
As a result, human error is an increasingly common driver of corporate cyberattacks – 90 percent of external cyberattacks occur because an employee unwittingly gives their access credentials to a hacker.
To prevent cyberattacks, HR and IT departments must work together to develop effective employee cybersecurity training; IT can help safeguard employee data and guide HR on how to properly educate employees on potential risks. As you collaborate with your internal teams to create an effective employee cybersecurity program, here are three areas to keep in mind:
1. Culture. If your employees are like most, they’re likely guilty of visiting questionable websites, opening phishing emails, clicking suspicious links, and not installing regular security updates – all behaviors that contribute to security breaches. HR departments are responsible for influencing employee behavior, and should actively work against these risky practices by helping create a security-minded culture in the workplace.
Implement clear digital policy guidelines to educate employees on risky online behavior, encourage smart habits, and define accountability. Then, host regular security trainings to drive home the idea that security is everyone’s job and instill a shared responsibility for keeping data secure.
2. Training. Offer mandatory and frequent training to educate employees on cybersecurity risks and the ramifications of violating security protocols. Working with the IT department, HR can develop relevant trainings that could focus on topics like:
- Understanding the potential damage from security breaches.
- Handling confidential information properly when using company hardware and/or personal devices.
- Recognizing phishing emails or questionable websites/links.
3. Technology. HR departments rely on technology to manage their workforces, and these platforms often house the sensitive data that hackers want. Work closely with your HR technology partner to ensure the proper precautions are in place. For example, at Businessolver, we keep our clients’ data secure by encrypting data at rest, using multi-factor full-disk encryption on all computers, blocking use of thumb drives to store potentially sensitive data, using frequent password resets, requiring an original password, and utilizing a Virtual Private Network for remote employees. Further, we require all employees to go through security awareness and HIPAA training on a regular basis.
For more on how to choose a technology platform that will keep data safe, check out our other cybersecurity resources.