Training employees on how to minimize the chance of a cyber attack can be one of the most inexpensive and effective tools a business can use. With a solid cybersecurity plan customized to the needs of your company, you can reduce the threat of cybersecurity losses. Take phishing (the fraudulent practice of sending emails that pretend to be from reputable companies in order to induce individuals to reveal personal information), for example. Verizon’s 2018 Data Breach Investigations Report found that phishing, together with pretexting, was involved in 93% of the breaches that relied on a social-engineering action. For these attacks to succeed, the perpetrator must have a target to lure in who will take the bait, and employees are usually the ones who are targeted. Therefore, training your employees is of the utmost importance in preventing these types of cyber attacks.
Formal Training
Training employees on the prevention of cyber attacks can be both formal and informal. Formal training is learning typically provided by an education or training institution and structured in terms of learning objectives, learning time or learning support. Informal training results from daily work-related, family or leisure activities; it is not organized or structured and, in most cases, is unintentional from the learner’s perspective. In the world of cybersecurity, formal training might include a review of the organization’s policies and procedures, as well as specific incident response training. This teaches employees what to do inside the business if a serious breach does occur.
Informal Training
Informal cybersecurity training might take the form of occasional emails to employees that describe current threats, combined with simulated phishing emails that imitate real attacks. Simulations should be followed up with feedback to the employees who clicked, so the lesson is learned at the moment it matters. For example, the reminder emails can include the following points:
- During the holiday season, common phishing emails claim to be from UPS or FedEx and require the recipient to click a link related to a package.
- Employees should never provide login credentials via email, even if the email appears to come from an authorized source.
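The two reminders above translate directly into checks that a mail filter, or the grading script behind a phishing simulation, can apply. The script below is an added example written for this article, not code from the original page or from any vendor: it parses a message, flags a brand named in the display name or subject whose sender address is not one of that brand's domains, flags links in a branded email that point somewhere else, and flags any request for credentials. The brand-to-domain table, the credential phrases and the two sample messages are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Brands the article names as common holiday-season lures, mapped to the
# domains those brands legitimately send from. Assumption for this example;
# a real deployment would maintain a curated list.
BRAND_DOMAINS = {
    "ups": {"ups.com"},
    "fedex": {"fedex.com"},
}

# Phrases that ask for credentials. The article's rule is that no legitimate
# email should ask for them, so any match is flagged.
CREDENTIAL_PHRASES = (
    "confirm your password",
    "verify your login",
    "enter your credentials",
    "reply with your username and password",
)

URL_RE = re.compile(r"https?://[^\s\"'<>()]+", re.IGNORECASE)


def registrable_domain(host):
    """'mail.example.com' -> 'example.com'. Ignores two-label public suffixes
    such as co.uk; fine for the sample data, a real tool would consult the
    public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def text_body(msg):
    """Concatenate the text/plain and text/html parts of a parsed message."""
    if not msg.is_multipart():
        return (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")
    return "\n".join(
        (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for part in msg.walk()
        if part.get_content_type() in ("text/plain", "text/html")
    )


def phishing_indicators(raw_message):
    """Return a list of (indicator, detail) pairs for one RFC 822 message."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = registrable_domain(address.rsplit("@", 1)[-1]) if "@" in address else ""
    claimed = f"{display_name} {msg.get('Subject', '')}".lower()
    body = text_body(msg)
    findings = []

    for brand, domains in BRAND_DOMAINS.items():
        if not re.search(rf"\b{brand}\b", claimed):
            continue
        # 1. Brand impersonation: the display name or subject names a brand but
        #    the address is not one of its domains. Comparing whole registrable
        #    domains rather than substrings is what catches lookalikes such as
        #    fedex-tracking-update.com, which contains "fedex" but is not fedex.com.
        if sender_domain not in domains:
            findings.append(("brand-impersonation",
                             f"claims {brand} but sent from {sender_domain or '<no address>'}"))
        # 2. A branded email whose links lead to a domain the brand does not own.
        for url in URL_RE.findall(body):
            host = urlparse(url).hostname or ""
            if registrable_domain(host) not in domains:
                findings.append(("link-domain-mismatch", f"{brand} lure links to {host}"))

    # 3. Credential request: never legitimate by policy, so always flagged.
    lowered = body.lower()
    for phrase in CREDENTIAL_PHRASES:
        if phrase in lowered:
            findings.append(("credential-request", phrase))
    return findings


# Constructed sample messages (not real mail): one lure and one genuine notice.
LURE = """From: "FedEx Delivery" <notice@fedex-tracking-update.com>
To: employee@example.com
Subject: Your package could not be delivered

Your FedEx package is on hold. Confirm your password at
http://fedex-tracking-update.com/login to reschedule delivery.
"""

GENUINE = """From: "FedEx" <tracking@fedex.com>
To: employee@example.com
Subject: Your package is on its way

Track your FedEx shipment at https://www.fedex.com/tracking
"""

if __name__ == "__main__":
    for name, sample in (("lure", LURE), ("genuine", GENUINE)):
        print(name, phishing_indicators(sample))
```

The lure trips all three indicators and the genuine notice trips none. The point worth making in a training email is the first check: the lookalike domain contains the brand name, so a reader who merely looks for "fedex" in the address is fooled, whereas comparing the full domain is not.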
Research and Statistics
Gartner, a research and advisory firm, claims that cybersecurity awareness training easily justifies its cost. According to their statistics, untrained users click on 90% of the links they receive from outside email addresses, which leads to over 10,000 malware infections a year. By their assessment, those infections cause an overall productivity loss of 15,000 hours per year. Assuming an average wage of $85/hr, lost productivity alone costs $1,275,000 per year. This doesn’t even account for other potential costs such as reputational damage, remediation cost or fines associated with breaches.
Among small and medium-sized businesses, 24% consider phishing scams their most significant threat. The FBI’s 2017 Internet Crime Report states that phishing and other social engineering attacks caused nearly $30 million in total reported losses in 2017.
It is logical and cost-efficient for businesses to train their employees to prevent cyber attacks. Through formal and informal training, employees will be better prepared for a cyber threat and better able to minimize its risks.