Nowadays, being called “basic” is an insult, but it can’t be helped if people really do have to go back to basics when it comes to skills training. Something as critical as cybersecurity requires a thorough program because gaps in awareness are where data breaches start: most of them begin with one person clicking, typing, or approving something they should not have. To build a broad and firm foundation in the mind of every organization member, you must cover these six baseline cybersecurity awareness topics:
#1 Always apply patches ASAP
When apps are first released, they are far from perfect. Since speed to market is key to monetizing software, publishers usually ship minimum viable products (MVPs) first and then deliver feature upgrades and vulnerability patches over time. Every app user in your organization must apply these patches promptly for two reasons. One, attackers may already have discovered, and may already be exploiting, the holes the patch closes. Two, attackers routinely compare the patched and unpatched versions (“patch diffing”) to work out what was fixed and build an exploit for anyone who has not yet updated. Either way it is a race against time, and laziness, lack of vigilance, and zero sense of urgency are all it takes to lose. Where you can, do not leave the race to individual users at all: have IT push operating-system, browser, and application updates centrally and automatically, and treat the training as the backstop for the devices and apps that central management does not cover.
#2 Beware of social engineering tactics
Social engineering, the practice of deceiving people into disclosing sensitive information or taking an action that benefits the attacker (wiring money, approving a login prompt, installing software), is the con artist’s stock in trade online, and the stolen data or access is then used for crimes such as credit card fraud and identity theft. Many tactics abound: emails that tell a comptroller to forward payments to a new account (business email compromise), and texts that ask recipients to verify an alarmingly large transaction by leading them to a fake login page for their bank.
Your cybersecurity training program must include lessons on recognizing social engineering attempts, simulations (such as internal phishing campaigns) that test staff proficiency, and a no-blame reporting channel that encourages staff to report a suspected or successful attempt immediately. Speed matters here: a password typed into a fake login page is only harmless if it is reset, and the session revoked, before the attacker uses it.
#3 Surf the internet safely
The internet is teeming with cyberthreats, so it is paramount that your staff members know how to stay safe on the web all the time. In your training program, you’ll need to teach them to:
- Seek admin approval before installing browser add-ons or running executables
- Make it a habit to check the URL in the address bar and to tell genuine websites and URLs from spoofed ones (e.g., paypal.com vs. paypaI.com, where the lowercase l has been replaced with a capital I that looks identical in many fonts)
- Stop and let an admin take over when a website or web application instructs you to bypass or dismiss a security warning, such as a certificate error or a blocked-download prompt
- Always apply security patches for your browsers as soon as they’re available (this is so important that it bears repeating)
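The look-alike URL check above can be automated, and it is worth showing staff how thin the visual difference is. The following is an added example, not code from the original article: it takes a URL, extracts the registered domain, and flags the three common tricks, namely ASCII look-alike substitutions (paypaI.com for paypal.com, micr0soft.com for microsoft.com), internationalised hostnames that can hide Unicode look-alikes, and a genuine brand name buried in the subdomain of some other registered domain. The allowlist of genuine domains, the confusable-character table, and the sample URLs are all constructed for the example, and the registered-domain logic assumes single-label public suffixes (it would need the Public Suffix List to handle co.uk and friends).

```python
"""Added example: flag look-alike URLs against a small allowlist of genuine domains.

Verdicts: 'genuine' (registered domain on the allowlist), 'suspicious'
(look-alike, punycode/non-ASCII host, or brand hidden in a subdomain),
or 'unknown' (not on the allowlist, nothing obviously wrong).
"""
from urllib.parse import urlsplit

# Constructed allowlist: the domains the training treats as genuine.
GENUINE_DOMAINS = {"paypal.com", "example-bank.com", "microsoft.com"}

# Characters or pairs that look alike in common sans-serif fonts, each mapped to
# one canonical spelling. Hostnames are lower-cased first, so a capital I
# arrives here as 'i' and collapses to 'l' just like the digit 1 does.
CONFUSABLES = {
    "rn": "m", "vv": "w",          # multi-character pairs, applied first
    "i": "l", "1": "l",
    "0": "o",
    "5": "s",
}


def skeleton(host: str) -> str:
    """Collapse confusable characters so paypaI.com and paypal.com compare equal."""
    h = host.lower()
    for src, dst in CONFUSABLES.items():
        if len(src) > 1:
            h = h.replace(src, dst)
    return "".join(CONFUSABLES.get(ch, ch) for ch in h)


def registered_domain(host: str) -> str:
    """Approximate the registrable domain as the last two labels.
    Assumption for this example: no multi-label public suffixes such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_url(url: str):
    """Return (verdict, reason) for a URL as it would appear in the address bar."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = (parts.hostname or "").lower()
    if not host:
        return "suspicious", "no hostname"
    labels = host.split(".")
    # Non-ASCII or punycode (xn--) labels can render as a perfect copy of a Latin name.
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        return "suspicious", "internationalised hostname; may hide Unicode look-alikes"
    reg = registered_domain(host)
    if reg in GENUINE_DOMAINS:
        return "genuine", f"registered domain {reg} is on the allowlist"
    reg_skel = skeleton(reg)
    for genuine in sorted(GENUINE_DOMAINS):
        if skeleton(genuine) == reg_skel:
            return "suspicious", f"{reg} is a look-alike of {genuine}"
        brand = genuine.split(".")[0]
        if brand in labels[:-2]:  # the brand appears only as a subdomain of reg
            return "suspicious", f"{brand} appears only as a subdomain of {reg}"
    return "unknown", f"{reg} is not on the allowlist"


if __name__ == "__main__":
    # Constructed sample URLs of the kind used in awareness training.
    for sample in (
        "https://www.paypal.com/signin",
        "https://paypaI.com/signin",
        "https://micr0soft.com/login",
        "https://paypal.com.secure-login.example.net/verify",
        "https://xn--pypal-4ve.com/",
        "https://github.com/",
    ):
        print(f"{sample:55} {classify_url(sample)}")
```

Both the candidate and the allowlisted name go through `skeleton`, so the check is symmetric and does not depend on which side carries the substitution. The verdict “unknown” is deliberate: an allowlist can say what is genuine, but it cannot prove an unlisted domain is malicious, so the training answer for that case is “check before you type a password”, not “block”.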
#4 Comply with data protection regulations
Governments have taken the stance that individuals have far less power over the data collected about them than the corporations collecting it, and have stepped in to protect individuals’ privacy and dignity by regulation.
This means that your staff needs to know how to comply with regulations such as the California Consumer Privacy Act (CCPA). Compliance will entail:
- Classifying data by sensitivity and deciding which classes need which protections
- Documented procedures and security controls for sharing data, especially with third parties
- Encryption of data in transit and at rest
- Deletion of data that’s no longer necessary
- Creating backups of critical data, such as protected health information (PHI, which in the US falls under HIPAA)
#5 Foster password best practices
Though more or less everyone knows why access to our accounts sits behind an authentication step, that knowledge doesn’t stop people from taking it for granted or failing to make the best use of it. They still pick easy-to-guess passwords, either because creating and remembering stronger ones feels like too much effort or because they genuinely believe such credentials are enough to keep attackers at bay.
You need everyone in your company to adopt password best practices to help keep your business secure. To help you get started, here are some of our tips for improving password-based security.
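As a concrete illustration of what “password best practices” means in code rather than in a slide deck, here is an added example that is not part of the original article. It implements the acceptance rules that NIST SP 800-63B recommends (length over composition rules, rejection of passwords found in breach corpora and of passwords containing the account or service name, rejection of trivially repetitive or sequential strings) and then stores the password as a salted, slow hash and verifies it in constant time. The minimum length of 12, the tiny breached-password set, and the sample inputs are constructed for the example; a real deployment would check against a full breached-password corpus and would prefer argon2id or scrypt over PBKDF2 where a library is available.

```python
"""Added example: password acceptance check plus salted slow-hash storage."""
import hashlib
import hmac
import secrets
import unicodedata

MIN_LENGTH = 12      # assumption for this example; SP 800-63B's floor is 8
MAX_LENGTH = 128     # allow passphrases, but bound the hashing cost
PBKDF2_ITERATIONS = 600_000   # OWASP's 2023 guidance for PBKDF2-HMAC-SHA256

# Constructed sample of a breached-password list; real lists hold hundreds of millions.
BREACHED = {"password", "123456", "qwerty123", "letmein", "welcome1", "p@ssw0rd", "summer2024"}


def normalize(pw: str) -> str:
    """NFKC-normalise so visually identical Unicode input compares and hashes the same."""
    return unicodedata.normalize("NFKC", pw)


def is_sequential(s: str) -> bool:
    """True for runs such as 'abcdefgh' or '12345678' (each code point one above the last)."""
    return len(s) >= 4 and all(ord(b) - ord(a) == 1 for a, b in zip(s, s[1:]))


def password_problems(pw: str, username: str = "", service: str = ""):
    """Return the list of reasons a candidate is rejected; an empty list means accepted."""
    pw = normalize(pw)
    low = pw.lower()
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(pw) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    if low in BREACHED:
        problems.append("appears in a breached-password list")
    for ctx in (username, service):          # context-specific words are easy guesses
        if len(ctx) >= 3 and ctx.lower() in low:
            problems.append(f"contains the account or service name '{ctx}'")
    if len(set(low)) <= 2:
        problems.append("repetitive (two or fewer distinct characters)")
    if is_sequential(low):
        problems.append("ascending character sequence")
    return problems


def hash_password(pw: str, salt: bytes = b""):
    """Return (salt, digest). A fresh 16-byte salt is drawn when none is supplied."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", normalize(pw).encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(pw: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(pw, salt)[1], digest)


if __name__ == "__main__":
    # Constructed candidates for user 'alice' on the 'example-bank' service.
    for candidate in ("password", "alice-rules-2024!", "abcdefghijklmnop",
                      "correct horse battery staple"):
        print(f"{candidate!r}: {password_problems(candidate, 'alice', 'example-bank') or 'accepted'}")
    salt, digest = hash_password("correct horse battery staple")
    print("stored:", salt.hex(), digest.hex()[:16] + "...")
    print("verify correct:", verify_password("correct horse battery staple", salt, digest))
    print("verify wrong:  ", verify_password("correct horse battery stapler", salt, digest))
```

Two design points are worth stating to staff. First, there is no rule demanding an uppercase letter, a digit, and a symbol: composition rules push people toward predictable substitutions (“P@ssw0rd”) that breach lists already contain, whereas length and a breach check are what actually raise the cost of guessing. Second, the server never stores the password itself; if the database leaks, an attacker still has to spend the full 600,000 iterations per guess per account.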
#6 Implement an acceptable use policy (AUP)
Unless the company clearly tells employees what they can and can’t do with the devices it issues them, they tend to treat those machines as personal property. They’ll store and share personal files on them, leave them unlocked and visible to unauthorized eyes, or use them for unsavory or illicit purposes that can tarnish your company’s reputation.
Personal use is permissible to a degree, but the degree depends on a mutual agreement between employee and employer. By clearly discussing your rules with employees and having them sign an AUP, you’ll teach them the rules and guidelines for using company-issued devices. You’ll set out how much control they can expect over those machines and the data that flows through them, and the repercussions for breaking the agreed-upon rules. Some of these rules and guidelines may include:
- Devices must never be used for unlawful or unethical purposes.
- The business grants the privilege of using the devices and may rescind it at its sole discretion.
- The business reserves the right to monitor the data on the devices, to block data, files, and apps from being uploaded to or installed on them, and to manage access controls such as passwords, multifactor authentication (MFA) apps, and encryption.
Training your employees comprehensively on cybersecurity is crucial for giving your company the best shot at overcoming online threats when they arrive. To learn more about what you need to do cybersecurity-wise, download our eBook today.