Lack of Employee Awareness of Cybersecurity Is a Catastrophe Waiting to Happen



A new report has made it clear that the lack of awareness of cybersecurity amongst employees is a tragedy waiting to strike for businesses. In an age of increasing danger from cybercriminals, employees are unaware of the dangers they face each and every day. This article will guide you through the report itself, and teach you what you can do to promote employee awareness of cybersecurity to avoid disaster.

A Breakdown of the Report

Employee Awareness of Cybersecurity
Some of these figures are both worrying and shocking for business owners. | Source: KnowBe4

The report, released by cybersecurity awareness firm KnowBe4, looked into employees’ cybersecurity knowledge as well as how well they applied it. The researchers looked at employees from a range of different industries, including medical, finance, and technology. In many cases, the findings of this report have been damning.

Over 50% of employees don’t think it’s likely they can infect their phones with malware by clicking on suspicious links. Even worse, nearly a quarter of all employees believe that suspicious links pose little to no threat at all. The report also showed an alarming number of employees who are unaware of basic cybersecurity practices.

Nearly half of employees also failed to confidently detect a phishing attempt, despite phishing being a common attack against businesses. In general, social engineering seems to be the least understood, despite posing one of the biggest threats to many industries.

There were some positive takeaways from the report. Firstly, it seems clear that regular training has a positive effect on employee awareness. Companies that train their employees at least once a month show dramatic increases in basic cybersecurity awareness. For example, training employees monthly means that around 60% know the dangers of suspicious email links, while training employees biannually reduced that number to only 44%. These figures are also consistent across other areas, with infrequent training resulting in only 37% of employees knowing the dangers of leaving a computer unlocked while you’re away, and 42% knowing the dangers of a weak or repeated password.

This report also goes on to state that the working-from-home environment has stopped a lot of cybersecurity training. It also covers information relating to employee awareness of best privacy practices, which is thankfully much higher than average cybersecurity awareness.

What This Report Means for Businesses

If you’re a business owner, this report should cause you some concern. Employees are the most important line of defense you have against hackers and scammers. Social engineering is the most common method that hackers and scammers use to attack businesses. As these methods rely on ignorance, it is alarming how many employees cannot recognize phishing attempts or other types of social engineering.

Even worse, employees who aren’t regularly trained have a weaker grasp of basic good cybersecurity practices. This is especially the case for those working from home whose employer has dropped or postponed regular training. The loss of this regular training not only reduces overall awareness; even simple things like good password rules seemingly become forgotten.

Clearly, this report shows just how important regular training around cybersecurity is. Even employees who worked from home continued to see improvement with regular training. These improvements appear despite the training being in a virtual setting. If you have employees working from home, or don’t regularly train your employees at all, you could be walking your business straight into a disaster.

How to Raise Employee Awareness of Cybersecurity

Employee Awareness of Cybersecurity - Regular Training Graph
This chart indicates how important regular and consistent training is. | Source: KnowBe4

The simplest way to increase employee awareness of cybersecurity is to keep training them. Monthly meetings about cybersecurity may seem like overkill. However, it’s important that everyone is aware of the part they play and doesn’t forget the basic foundation of good cybersecurity.

None of your employees should be making simple mistakes. Every employee, no matter their department, should know they’re part of keeping your business safe. It’s also just as important to make sure that your employees know how and why they should report cybersecurity matters to you.

If your employees work from home, schedule monthly virtual meetings with them about cybersecurity practices. You should use these meetings to discuss common problems faced in a work-from-home environment, including the use of third-party cloud storage.

If you’re working from a centralized location, run monthly meetings on good security practices. These meetings do not need to take a long time, but holding them regularly ensures the lesson is retained. You should also ensure that all of your employees attend, not just those in the IT department. You can either make these meetings mandatory or use an incentive program to encourage attendance.

Further Steps to Take

There are some other steps you can take to increase employee awareness of cybersecurity and avoid potential catastrophe. If you want to try and educate employees outside of meetings, there are some educational resources that can help you do that.

You should also consider signing up for one of our business protection plans. It covers you and up to 20 of your employees against hackers and scammers. These plans offer support from our professional team of experts. You can receive help whenever you need it with one of our protection plans.

We also offer comprehensive security audits of your business, to ensure it’s as secure as possible.

Featured image by ra2 studio from Shutterstock.com.