7 Tips for Training Employees About Cybersecurity Awareness

The pandemic increased the share of employees working from home to about 70%, according to a PwC survey, and remote work brings its own dangers. The use of employee-owned devices, unsecured connections, and improper device usage leaves companies vulnerable to a host of network intrusions. This is why training employees in cybersecurity awareness is a must.

Why is Cybersecurity Awareness Important? 

According to the National Institute of Standards and Technology, organizations “should assume that malicious parties will gain control of telework client devices and attempt to recover sensitive data from them or leverage the devices to gain access to the enterprise network.”

Some of the ways they can gain access include:

  • Device loss or theft
  • Social engineering tactics
  • Phishing
  • Malware and ransomware
  • Zero-day exploits
  • Macro and script attacks
  • Botnet attacks
  • Neglected OS patches, antivirus updates, and other critical upgrades

7 Cybersecurity Awareness Best Practices for Employees

To minimize the risk of a network intrusion, you need to bolster your first line of defense against external threats: employees who are trained in cybersecurity awareness. Here are 7 ways you can educate your remote workers on best security practices.

1. Make Cybersecurity Clear To Your Employees

The first step in getting employees acquainted with cybersecurity education is to give a clear message about what is happening in your company regarding cybersecurity. Such a message needs to be understandable, relatable, and diversified.

  • Understandable – Avoid technical jargon that may confuse employees and cloud your message. When possible, use simplified terms that are accessible to the non-tech-minded layman.
  • Relatable – When talking about external threats, make it less about the central network and more about personal computer safety and home network intrusion. Employees can relate to the danger personally if it’s framed in terms of their phone or laptop. This gives them a personal stake in the security plan: no one wants to be the reason for a data breach that affects the whole company.
  • Diversified – A simple email outlining everything may not be enough. Think about how many emails the individual employee receives. By diversifying your communications strategy, you can ensure that employees read the message instead of dismissing it as just another announcement.

2. Encourage Taking Great Care Over Your Devices

A Forrester survey found that 15% of company breaches are caused by lost or missing devices. Whether it’s a corporate or personal device, training your employees about cybersecurity includes bringing awareness that their gadget acts as a gateway to your organization’s network. This makes it important to take care of their device and use it properly even in the confines of their home.

Encourage good device ownership with the following:

  • Teach the difference between personal and corporate usage.
  • Make it mandatory to have a work account that’s subject to monitoring, restricted installations, and web filtering.
  • Beware of old-fashioned loss and theft.
  • Make sure security patches and OS updates are followed.

A device management and monitoring solution, such as our Multi-OS Device Remote Management, can help mitigate risk by automating the push of updates and tracking the device’s status and location at all times. But this should only serve as a backup; end-user security best practices should rest with the employee.

3. Teach Employees How to Spot Suspicious Activity

Sharpen your employees’ eye for suspicious activity, and with it their cybersecurity awareness, by teaching them to watch for the following signs:

  • Sudden appearance of new apps or programs on their devices
  • Strange pop-ups during startup, normal operation, or before shutdown
  • The device slows down
  • New extensions or tabs in the browser
  • Loss of control of the mouse or keyboard

Encourage your employees to report suspicious signs immediately. Even if it turns out to be a false alarm, it might still be beneficial to the employee by clearing up errors in their device that hamper productivity.

4. Reinforce Confidentiality

Working from home tends to make people more complacent, and this extends to cybersecurity. Drill the importance of passwords and authentication even if they work in their PJs. Just because they’re relaxed doesn’t mean security has to be.

To avoid cybersecurity threats to confidentiality, train your employees with the following:

  • Enact periodic and unique password changes.
  • Teach employees about the dangers of using universal passwords, and use real-world examples from past data breaches. They might even want to see if their personal account passwords have been pwned.
  • Discuss the rationale behind VPNs, multi-factor authentication, and other secure log-on processes, and why they are important despite being time-consuming.
  • To combat unsecured storage of company data, provide concrete examples of stolen data incidents caused by an errant thumb drive or compromised personal Dropbox account.

5. Examine Individual Cases of Cybersecurity Breaches

Unlike an office environment with a controlled network, your employees’ home computer security can vary widely. Some may connect through their home Wi-Fi, while others may use connections from the public Wi-Fi at a coffee shop. 

Some may have older devices that are no longer supported by security patches. Address those concerns with the following:

  • Encourage employees to use their company-provided devices. If it’s BYOD, check the device brand and model year to see if there are outstanding exploits.
  • Do a security sweep of home networks. For example, some older routers may use the weaker WEP protocol instead of WPA2, and some may even still have the default password.
  • Pay attention to nomad employees and devise a security policy for them, since roaming data and public Wi-Fi hotspots bring their own unique threats.

6. Take Advantage of Online Cybersecurity Courses

There are plenty of online resources when it comes to training employees on cybersecurity awareness, and not all of them have to be paid.

For management:

For employees:

  • The National Institute of Standards and Technology has a list of free and low-cost online training content specifically designed for employees, including webinars, short courses, quizzes, and certification.
  • This webinar series from the National Cybersecurity Alliance releases one video every other month, starting in November 2019, and ending in November 2020. 
  • ESET offers a free one-hour training course that teaches best practices for remote employees. The paid version includes dashboard tracking of employee progress, a phishing simulator, and certification and LinkedIn badges.
  • FEMA’s IS-0906 course on workplace security awareness takes only 1 hour and tackles risks, prevention measures, and response actions for remote employees. 

7. Make Cybersecurity Awareness an Ongoing Conversation

On average, corporate workers spend up to a quarter of their workday on email-related tasks. This makes a one-shot email message about cybersecurity a poor choice, since they may not be able to appreciate the significance or absorb the information in one sitting.

Here are some best practices for communicating cybersecurity announcements to your employees:

  • Use different approaches to cybersecurity education, such as regular announcements or newsletter updates.
  • For each update, follow the KISS rule: Keep It Short and Simple. This way they can glean the message and retain the information amid their hectic day.
  • Follow current trends. If there’s a new type of crypto-malware or exploit that crashes phones with a single message, make sure it reaches your members.
  • Use eye-catching tactics each time to get them to absorb the message. Instead of listing dry statistics or do’s and don’ts, try colorful infographics. For long topics, try a video explanation.
  • You can even try cybersecurity tests to see if the lessons stick. For example, as part of its email safety education, HP sends out test phishing messages and congratulates employees who report them to IT.

Final Thoughts

Training your employees about cybersecurity awareness allows them to understand how they play a role in protecting your company. Rather than being just another cog in the organization, they are the first set of eyes that guard against external threats. Vigilance and good cybersecurity awareness are something they can carry well beyond the confines of the office, even after things return to normal.

About the author

Nicolas Poggi

Nicolas Poggi is the head of mobile research at Prey, Inc., provider of the open source Prey Anti-Theft software protecting eight million mobile devices. Nic’s work explores technology innovations within the mobile marketplace, and their impact upon security. Nic also serves as Prey’s communications manager, overseeing the company’s brand and content creation. Nic is a technology and contemporary culture journalist and author, and before joining Prey held positions as head of indie coverage at TheGameFanatics, and as FM radio host and interviewer at IndieAir.