With the increasing number of cyberattacks, cybersecurity is gaining importance for a lot of companies.
There are a lot of options to consider if you want to improve your cyber risk management strategy, but one of the first things you should do is deal with potential internal threats.
According to Veriato’s 2018 Insider Threat Report, 90% of cybersecurity professionals feel their company is vulnerable to insider attacks, and about 50% have experienced at least one of these attacks.
Employees also represent a threat when their poor behaviour generates vulnerabilities for the company.
One way to prevent this is to train your employees on their data security responsibilities and accountabilities.
The following are some of the topics that employee training should cover:
Responsibility for Company Data: Each employee has the responsibility to protect the privacy of information and its integrity and confidentiality.
Report Procedures: In the event an employee's computer becomes infected by a virus or is operating outside its norm, employees should immediately report the incident so your IT team can be engaged to mitigate and investigate the threat.
Passwords: Employees should be able to assess whether they are using strong or weak passwords.
Unlicensed Software: Everybody should know that it is forbidden to install unlicensed software on any company computer, since it could make your company susceptible to malicious software downloads.
Suspicious links: Train your employees to avoid emailed or online links that are suspicious or from unknown sources, since they can release malicious software, infect computers and steal company data.
Email scams: Employees should be aware of scams and not respond to email they do not recognize.
Online fraud and Phishing: Train your employees to recognize common online fraud, phishing and web-browsing risks.
Social Media Policy: Your employees should know your policy on the use of a company email address to register, post or receive social media.
Protecting Computers: Your employees should routinely back up critical information and keep those backup copies in a secure location.
Source: https://www.travelers.com/resources/cyber-security/cyber-security-training-for-employees