
Are your staff your biggest security risk?

June 9, 2022

With over 90% of successful cyber attacks requiring human interaction, your staff are now the number one point of entry for cybercriminals looking to harm your organization.

In most cases, cybercriminals target people, rather than systems, to gain access to their targeted infrastructure. Cybercriminals aim to exploit human error in about 99% of their attacks by luring employees into clicking on malicious content.

“Cybercriminals are aggressively targeting people because sending fraudulent emails, stealing credentials, and uploading malicious attachments to cloud applications is easier and far more profitable than creating an expensive, time-consuming exploit that has a high probability of failure,”

Proofpoint's chief of threat operations.

Cybercriminals effectively view your employees as your weakest link in targeted cyber threats. In response, many organizations are engaging their managed I.T. providers to conduct thorough cybersecurity audits to understand their current level of risk, and are implementing consistent staff training. The data indicates that circumstances are far from perfect, with only 28% of businesses currently running a comprehensive training program more than twice a year.

It’s becoming obvious to many businesses that awareness alone is not enough to change behaviour. So how can you create a cybersecurity culture where best practice becomes standard in your business? The best route is to keep your employees engaged at every step. Here’s how:

Be relatable

Most employees are not cybersecurity experts, so they’re unlikely to relate to jargon and dry statistics. Present cybersecurity as a story or analogy, or give employees specific examples of potentially risky behaviour.

There are plenty of real-world examples to help you out here. In recent years, you can take your pick of high-profile incidents from LinkedIn, Equifax, Twitter and many more. Tailor specific examples to particular job roles, departments, and bad habits to plot a clear path between today’s actions and tomorrow’s consequences. The more personalized your delivery, the more users can relate, and the faster behaviour changes.

Here is an excellent analogy that we often use during our security training programs:

Cyber-security is no different from any other security – it often comes at the expense of convenience. 

Take airport security, for example. Travel can be stressful, and no one particularly enjoys the added inconvenience of going through security, taking their laptop out of their bag, and taking their shoes off, but it’s necessary for the safety of flying.

Cyber-security is no different: multi-factor authentication, layers of email scanning, and security awareness training all add time and potential inconvenience to the speed of operating our businesses.

However, the inconvenience of any particular security measure becomes minor when you consider the alternative – a security or data breach can cause much larger, costlier issues affecting your entire business.

Keep things interesting

While consistent reminders might seem like a great start, we all know delivering the same message repeatedly often causes staff to zone out, become disengaged, and ultimately ignore the notifications.

We’ve seen clear evidence of this over the past year, with awareness of key phrases falling, sometimes significantly. In this year’s State of the Phish Report, just over half (53%) of users could correctly define phishing, down from 63% the previous year. Recognition also fell across common terms like malware (down 2%) and smishing (down 8%), and only 36% could correctly define the term ransomware.

This highlights the need to keep security awareness training fresh and engaging. It is important to deliver training and education in as many places and formats as possible. The more varied the ways your cybersecurity message is reinforced, the more likely it is to be retained.

Information fatigue

The recent decline in cyber security awareness is an area where pandemic fatigue and its impact on workers’ attention spans may be a factor. Employees may feel overwhelmed by the sheer amount of terminology they hear detailing cyberattacks and warnings of dire consequences. It wouldn’t be unreasonable to consider the general mental exhaustion staff experience simply from feeling overwhelmed and confused.

In addition, the pandemic put many different pressures on organizations and some may have been forced to de-prioritize employee education programs due to lack of time, resources, revenue, or other factors. During the pandemic, a malicious attack due to human error could have been the final straw for many businesses that were already struggling to stay afloat. There is no better time to place priority on security education, training, and best practices.

Whatever the case may be, it is never safe to assume that your employees will consistently recognize security lingo. This is particularly true if your security awareness training and phishing simulations happen infrequently. Reinforcement is critical to knowledge and skill development; employees must understand the terminology in order to implement it effectively.

Adjust and adapt

One of the biggest challenges we face as a Managed Service Provider is that the threat landscape is constantly evolving, so it is important that your training program does the same. Training should be relevant and current to the threats facing your organization today.

Security training should educate your staff on the motives and methods of common attacks and where they are most likely to encounter them. Most importantly, your employees must understand how they may be manipulated into an action and the potential consequences of taking the bait.

Conducting research into the most attacked people in your organization and the types of attacks they face is important so we are able to deliver training in context with their everyday processes and tasks. Having the proper information allows us to deliver simulations based on real-world examples to help your staff learn how to put their training into action when it matters most.

Make it fun

We understand that cybersecurity training may not sound like most people’s idea of fun, but there are plenty of ways to keep it positive and even enjoyable. Delivering training in short, sharp modules and using different approaches keeps things fresh, engaging, and brief enough to be digested easily.

Making security training competitive and turning it into a game can also aid the process. The gamification of training modules has been shown to increase engagement and motivation, as well as improving attainment scores in testing.

We want to avoid security training and education feeling like a chore. The more enjoyable we can make the experience, the less resistant your staff will be to taking part.

Sending, receiving, and processing masses of data is now a part of your employees’ everyday tasks. Thus, cybersecurity is a necessary part of those daily tasks. With tailored, engaging, and consistent security training, we can help ensure your staff aren’t your business’s biggest security risk.

In addition to reducing the stress of running a business and providing peace of mind, your Managed Service Provider (MSP) is a great place to start with education, training, and cyber security audits.

Sign up for our no-obligation Cyber Security Assessment to learn about cyber security training for your business! 
