Staff education seems to be one of the strategies that is missing in most businesses when it comes to digital protection. Education can have one of the biggest impacts on the digital security of any business / organisation.
When it comes to protecting your organisation against cybercrime, you will always need the basics:
- a decent second generation firewall (not something supplied by your ISP or bought from a local retail shop),
- a centrally managed AV,
- a secure off-site backup service, and
- numerous other management components for protecting the organisation.
But one of your best defences against cybercrime is making your staff more aware of the dangers. Technology and management can only go so far, no matter how good or expensive they are.
There is always a chance that the newest threat makes it through all that new technology, and then all you have is a human to protect your business. That staff member is in a position to either question the attack or just follow the normal process and "click on the link", for instance. Having an educated user in place increases your protection level substantially, because they will be more readily able to question the attack.
Your business induction process is a great place to start. Included in that induction process should be your organisation's cybercrime and digital education process. The process should look at the basics of digital protection and why cybercrime is a problem.
Those basics being:
- Passwords – using complicated ones, what is a complicated password, how to create them and why they are so important as a first level of protection for your organisation
- Basics about the Internet and email including SPAM, Phishing and social engineering
- Social media and its role in the organisation's profile, and what can be posted and to where
- Understanding WiFi and VPN and working in the cloud
- BYOD and the organisation's digital policy
Like all education processes, cyber security education is an ongoing process. You need to ensure that staff and users are not forgetting the lessons learned. To do that you need refresher information and reminders that will allow the lessons to be remembered at all times. These can include additional education courses, competitions, posters and anything else that you can think of that will keep security front of mind for all users.
Education is also one of the cheapest ways to protect your organisation. A second generation firewall can set you back thousands of dollars, whereas a basic digital education course can cost as little as $50 per user.
Remember, the bad guys attack you thousands of times but all it takes is one to get through and your digital system is no longer yours. When that happens I hope you have an educated user at the other end to question the attack!