Stronghold team

8 critical components of employee cybersecurity training

Every business, no matter the size, is vulnerable to cyberthreats. That is why having the right cybersecurity measures in place is absolutely essential to the success of your business.

Employees are on the front line of your business, working with your technology every day. Because of this, they are the most critical part of your organization’s cybersecurity. It is essential that they be well-trained and confident in their ability to recognize and respond to cyberthreats.

Learn the 8 critical components of your employee cybersecurity training.

1. Email usage

A majority of businesses rely on email daily for both internal and external communications. Because email is the primary delivery method for malware, it is important that all employees understand responsible email usage.

Employees should be cautious when it comes to opening emails and email attachments under the following conditions:

  • The email is from a stranger
  • The content or tone of the email sounds unusual or out of character
  • The email contains odd spellings or strange characters
  • The attachment is an unusual file type
  • The attachment is not cleared by your antivirus software

Email scams are common, but with some training, your employees will be better able to spot fraudulent emails instead of falling for them.


2. Unauthorized software

Downloading software from unknown sources is one of the easiest ways for malicious software and viruses to infect computers.

“Even something that looks innocent, like a game, could contain spyware, ransomware, or other malicious code.”

Consider a policy regarding what software may or may not be installed on company computers. Ensure that your employees understand that policy and are able to identify software that may be a threat. When installing software, train your employees to look for software that has a valid SSL Certificate.

3. Internet usage

Similar to email usage training, smart internet usage training is also important. Train your employees not to click on unfamiliar internet links or links from suspicious sources. These links may download malicious software, which can infect computers and put company data at risk.

It is also important to establish safe browsing rules for internet usage in the workplace and to educate employees on these guidelines.


4. Passwords

Train your employees to select strong passwords.

“A report by Trace Security found that 81% of data breaches are connected to poor passwords.”

When it comes to choosing a strong password, keep the following tips in mind:

  • Use a combination of letters, numbers, and special characters (as allowed). Avoid using complete words or names.
  • Get creative! Never use: 123456, iloveyou, qwerty, password, abc123, or monkey. If it doesn’t seem original, chances are it’s not difficult to guess.
  • Try to choose something memorable, while also cryptic enough that it cannot be easily guessed. Consider using a unique acronym for a sentence that is meaningful to you.
  • Avoid using personal information such as your name, family names, pet names, birthdates, or your company’s name.
  • Never share passwords with anyone, including co-workers, family members, roommates, and friends.
  • Use a unique password for each device and account.
  • Change your passwords regularly. Do not reuse recently used passwords.


5. Social engineering

Social engineering is the term used for manipulating others so that they will give up confidential information. It is more commonly known as “phishing”. According to Verizon’s annual Data Breach Investigations Report,

“93% of successful data breaches involve phishing and pretexting.”

Train your employees to be cautious if they receive an email or social media communication from a trusted source with a compelling story or pretext, such as any of the following:

  • A request for urgent help. Your friend is traveling in a foreign country and has fallen into bad circumstances, leaving her without money. She needs you to wire money right away so she can get home.
  • A request to donate to a charitable fundraiser or other cause. The cause or fundraiser may be legitimate, but the link or other payment method provided may not be.
  • A request to verify your information. Often these requests look very official and come disguised as an email from a financial institution. They will likely ask you to fill out and submit a form.
  • An unusual request from a boss or co-worker. Your co-worker asks for an update on an important project, for company credit card information, or other confidential information they should already have a handle on.
  • You’re a winner! These are the emails that claim to be from the lottery, the IRS, the lawyer for a dead relative that doesn’t exist… In order to collect your winnings, you must provide personal information or perhaps your bank account information.

Most of these attempts are successful when people act without thinking. Train your employees to pause before responding to any type of email that’s asking for money or information. A quick call to the friend, family member, or co-worker in question can quickly verify whether the request is authentic.


6. Personal devices

Most employees access work from both personal and work devices. It is important to communicate your mobile device policy to your employees, regarding both company-owned and personal devices. Mobile device policies are sometimes called BYOD (Bring Your Own Device) policies.


7. Social media usage

Social media, much like email, is likely to be used as a venue for social engineering and malware attacks. Most employees have social media accounts, so it is wise to educate your employees on social media policies. This includes whether employees are allowed to use a company-owned email address to register or post to social media.

8. Follow-up

Timing is everything. As quickly as new technology develops, new cyberthreats are developed to target it. By regularly implementing cybersecurity training for employees, you’ll make sure they are always aware of the latest threats. Encourage a corporate culture that values cybersecurity and the role that all employees play in managing cyberthreats.