Companies won’t be able to protect themselves from all cyber threats or digital attacks. Particularly with employees working from different devices and in different teams, it’s simply not possible to safeguard against any and every phishing attack or download and installation of malicious apps. However, employee cyber security awareness plays a critical role in increasing the prevention of data leaks and malware infiltrations. This means organizations have to improve the training they provide.
According to the “Insider Data Breach Survey 2019” commissioned by Egress more than three-quarters of executives believe that employees have accidentally put company data at risk in the past year, but 92% of employees said they had not done anything malicious. This shows a definite gap between theory and practice. Though people think they might know the rules it often takes only one click and company data is put at risk.
Facebook for instance has recently patched a vulnerability in its popular WhatsApp messaging platform. Attackers simply had to send a video to their targets which would then launch a remote code execution to capture the user’s mobile system. Another case reported the misuse of Microsoft’s Office 365 infrastructure to send phishing mails coming from legitimate, validated domains.
Examples like these demonstrate the power of combining validated user information and trusted platforms with malware to attack other users without their knowing. Training can make all the difference — if it’s done correctly. One of the most important things to bear in mind is to tailor your training to the different group of employees based on their varying responsibilities, knowledge levels and – most importantly – access to corporate data. Secondly, cyber awareness trainings should never be optional or a ‘sometimes it happens‘ in your company. Make sure to establish a concrete learning path and KPIs to measure the success of your trainings.
Creating a strong cyber security culture doesn’t necessarily guarantee that you’ll never experience security issues again. But, you can decrease the risk that employees will become a victim of phishing or hacking attacks because they are both better prepared and more aware of how easily breaches and cyber threats can occur.