You’ve heard about the benefits of security training, and now you want the details on how to do it. If you’re just beginning with training, it’s best to keep things relatively simple and high level.
You should put your focus in three distinct “buckets”:
- Internet security/safety
- Password management
- Email security
1. Internet security
Most likely, your business has many dealings with the greater World Wide Web. Start by ensuring that the web browser is up-to-date.
Vulnerabilities in old versions of web browsers give hackers ample opportunity to find exploits that can siphon data without much effort.
You’ll also likely want to include some form of pop-up blocking protection to prevent unwanted intrusions in browsing sessions.
Be sure to cover the different types of cyberthreats out there, and how poor browsing habits can invite threats directly into a network.
It’s a good idea to show staff visual examples of what a spammy pop-up looks like, as well as malicious links and fake websites.
In all your training, you shouldn’t focus only on the “how” of security. If you’re looking for successful and meaningful adoption, you need to also explain the “why”.
Internet security recap:
- Show staff how to keep their browsers updated
- Help them install and manage pop-up blockers proactively
- Show them good vs. bad browsing habits
2. Password management
There is no shortage of statistics that show how important passwords are. So why are people still not taking them as seriously as they should?
It all comes down to understanding. When training your staff, focus on what can happen if someone else were to access their data using their password.
Tie in real examples of past occurrences and focus on how it affects them directly, as well as the rest of the company. It doesn’t help that managing passwords is often a headache, too.
Consider the sheer number of accounts that a single person has, and then remember that – ideally – they should have a totally unique password for each of them.
That’s exactly why password managers exist. When training, focus on the importance of passwords … but don’t forget to stress that it doesn’t have to be painful.
Password management recap:
- Show staff examples of password-related security events
- Help them understand what’s at risk for YOUR company
- Show them proper password management techniques/tools
3. Email security
In 2019, 246 billion emails are sent every day. There’s a pretty good chance you’re part of that number (as are we!). That’s a lot of data flying around that can be intercepted, infected, and otherwise used maliciously.
And the worst part? It can go directly to you and your staff.
Training on email security should cover what spam emails look like and how to properly deal with them. Show your staff how typical junk mail can (and often does) carry infected attachments and links that can directly infect their device.
Then there’s the bigger stuff – social engineering. In 2019, everyone should understand that phishing attacks are a huge threat to businesses.
You’ll need to help your staff understand the types of emails that should raise flags, such as ones in which managers, colleagues, or partners ask for critical information that could put the company in a dire situation. Share what they can do when they are unsure of any email’s legitimacy.
Email security recap:
- Show staff what a malicious junk email looks like
- Explain phishing attacks and how to spot one
- Show them how to deal with these emails
What more can you do to train staff on security?
Starting with these three fields is enough to build a solid bedrock of security for your company. However, it’s far from complete. As a business, you’ll want to attend security seminars and read resources regularly to keep yourself updated on the latest relevant threats.