How to make of your employees the best line of cyber defence against cyberattacks

Cyber attacks aren’t just getting more frequent, they are also becoming more sophisticated. Lloyd’s of London has estimated the global cost of a serious cyber attack to be more than $120 billion (£92 billion). Today’s cyber-attacks have far-reaching negative impacts that continue to ripple outward long after the initial financial losses. These indirect damages include reputational damage, lost relationships, and even legal liability.

Cyber criminals rely on the fact that busy individuals perform hundreds of daily actions on a computer or device connected to the internet. They know that most of those actions are performed automatically and without much thought. As a result, the majority of today’s data breaches result from human error, making cybersecurity a “people problem” as well as a technology issue. It is true that you can protect your company against email breaches with an advanced email security software to protect the personal data, email addresses, and other personal details, avoiding this to get into the hands of cybercriminals, resulting in an information breach.

Beside this, the solution to this people problem goes beyond IT. It involves promoting an entirely new employee culture around cybersecurity. We tell you in this blog what you can do to protect your company:

1. Start cyber awareness early during the induction process: Preferably on week one. Start building the mindset as all new hires go through security training from day one.
2. Both you and the executives and board members need to champion the cause. A lot of modern cyber threats often target high ranking individuals in companies. (i.e. CEO scam). For this reason, the CISO needs to make the rest of the C-suite aware of the ramifications of a potential breach. Typically, to have a good cyber plan, you have to have line items in the budget for people, hardware, or software, year over year. That means getting the CFO, CIO, and CEO on board.
3. Handle authorisation and access well on an individual level. Not everyone needs the same level of access, especially if it comes to sensitive company data. Every member of staff should know what data they can and can’t access within the company.
4. Regularly test your employees by sending them several phishing emails, to check if they click on a link or if open an attachment without checking the legitimacy of the header sender. If they click, teach them how to check if the email is legitimate or not. Create cybersecurity training sessions for the personnel that are not merely thorough but also engaging and fun, as that will make them more useful. Such training needs to include explaining the importance of proper data and information handling, as well as how they should handle emails, passwords, and other sensitive business information.
5. Everyone needs to be up-to-date on email security measures and all the new threats to cyber security. Remember that ‘live fire’ exercises can also be performed by means of using a platform where you can measure the effectiveness of the training, and these who fail can take the relevant e-learning courses. They also allow you to perform evaluations to assess how vulnerable your organisation is to attack. If you are interested, ask us about our Knowbe4 security awareness platform. We will be glad to help.
6. Communicate Create a plan for how best to communicate cybersecurity information to all employees to get all departments on board with training and learning best practices. It will help break down siloes, and will encourage people working together. IT teams should develop a formal, documented plan for cybersecurity training that is reviewed and updated often with the latest information on attack vectors and other risks.
7. Appoint cybersecurity culture advocates: Tech leaders should appoint a cybersecurity culture advocate in every department at their company. These advocates can act as an extension of the CISO and keep employees trained and motivated. That's something that's often overlooked, you can use the resources you already have in the company beyond the IT team.
8. Reward employees: Reward users that find malicious emails, and share stories about how users helped to combat cyber attacks.