A new report has made it clear that the lack of awareness of cybersecurity amongst employees is a tragedy waiting to strike for businesses. In an age of increasing danger from cybercriminals, employees are unaware of the dangers they face each and every day. This article will guide you through the report itself, and teach you what you can do to promote employee awareness of cybersecurity to avoid disaster.
A Breakdown of the Report
The report, released by cybersecurity awareness firm KnowBe4, looked into employees’ cybersecurity knowledge as well as how well they applied it. The researchers looked at employees from a range of different industries, including medical, finance, and technology. In many cases, the findings of this report have been damning.
Over 50% of employees don’t think it’s likely they can infect their phones with malware by clicking on suspicious links. Even worse, nearly a quarter of all employees believe that suspicious links pose little to no threat at all. The report also showed an alarming number of employees who are unaware of basic cybersecurity practices.
Nearly half of employees also failed to confidently detect a phishing attempt, despite phishing being a common attack against businesses. In general, social engineering seems to be the least understood threat, despite being one of the biggest threats to many industries.
There were some positive takeaways from the report. Firstly, it seems clear that regular training has a positive effect on employee awareness. Companies that train their employees at least once a month show dramatic increases in basic cybersecurity awareness. For example, training employees monthly means that around 60% know the dangers of suspicious email links, while training employees biannually reduced that number to only 44%. These figures are also consistent across other areas, with infrequent training resulting in only 37% of employees knowing the dangers of leaving a computer unlocked while they’re away, and 42% knowing the dangers of a weak or repeated password.
This report also goes on to state that the working-from-home environment has stopped a lot of cybersecurity training. It also covers information relating to employee awareness of best privacy practices, which is thankfully much higher than average cybersecurity awareness.
What This Report Means for Businesses
If you’re a business owner, this report should cause you some concern. Employees are the most important line of defense you have against hackers and scammers. Social engineering is the most common method that hackers and scammers use to attack businesses. As these methods rely on ignorance, it is alarming how many employees cannot recognize phishing attempts or other types of social engineering.
Even worse, employees who aren’t regularly trained have a weaker grasp of basic good cybersecurity practices. This is especially the case for those working from home whose employer has dropped or postponed regular training. The loss of this regular training not only reduces overall awareness, but even simple things like good password rules seemingly become forgotten.
Clearly, this report shows just how important regular training around cybersecurity is. Even employees who worked from home continued to see improvement with regular training. These improvements appear despite the training being in a virtual setting. If you have employees working from home, or don’t regularly train your employees at all, you could be walking your business straight into a disaster.
How to Raise Employee Awareness of Cybersecurity
The simplest way to increase employee awareness of cybersecurity is to keep training them. Monthly meetings about cybersecurity may seem like overkill, but it’s important that everyone understands their role in keeping your business safe and doesn’t forget the basics.
None of your employees should be making simple mistakes. Every employee, no matter their department, should know they’re part of protecting your business. It’s equally important to ensure your employees know how and why they should report cybersecurity matters to you.
If your employees work from home, schedule monthly virtual meetings to discuss cybersecurity practices, especially focusing on challenges like the use of third-party cloud storage. For centralized workplaces, run regular security meetings. These don’t need to be long but should be consistent to reinforce good habits. Attendance from all employees—not just the IT department—is essential. Consider making these meetings mandatory or incentivizing participation.
For more detailed strategies on how a cybersecurity company like ours ensures employees and businesses stay safe, check out our article: How We Protect Our Employees with Cyber Awareness