Employee Training Must be a Cybersecurity Focus

Disclaimer: The views and opinions expressed in this blog are those of the author(s) and may not reflect the official policy or position of Excelsior College. Excelsior makes no claim regarding the suitability of the content for all audiences.

Not all that long ago, cybersecurity was generally viewed primarily, or even solely, as an IT issue. It was the IT department’s responsibility to protect the company from data breaches, and that was that. But this is no longer the case. On the contrary, cybersecurity has become so important and so wide-ranging that it is now critical for everyone within a given organization to contribute to these efforts. A siloed approach to cybersecurity is a recipe for disaster.

This makes employee training essential. Without training, workers will likely lack the skills and knowledge they need to adequately protect their companies’ networks from cyber attacks. And as the most recent Verizon Data Breach Investigations Report made clear, the cyber threats that organizations face are becoming more numerous, more sophisticated and more successful.

A dangerous environment
The Verizon report found that a significant portion of the examined data breaches was preventable. The cyber attackers were not necessarily unstoppable hackers. Rather, these cyber criminals took advantage of IT vulnerabilities that their targets should have sealed off previously. In a number of these instances, the flaws in question were discovered as early as 2007 when security patches were easily available, but simply not implemented. Using more sophisticated techniques, the cyber attackers managed to identify and utilize these security gaps.

Companies must patch security vulnerabilities as soon as possible.Companies must patch security vulnerabilities as soon as possible.

This finding suggests that IT teams must be more proactive when it comes to shoring up their defenses on a basic level. Additionally, there is a need for greater communication and collaboration between IT and the rest of the organization to ensure that IT professionals are fully aware of the devices and other entry-points they must defend.

“A huge percentage of data breaches can be traced back to human error.”

Preparing the team
Just as importantly, the Verizon report determined that a huge percentage of documented data breaches can be traced back to human error and employees’ misuse of IT assets. These two problems, combined with cyber criminals’ use of crimeware, accounted for 83 percent of all security incidents in 2014, up from 76 percent the year prior.

As the report made clear, companies need to take steps to cut down on these incidents. To this end, Verizon offered a number of recommendations. Among the most significant of these were to increase cybersecurity vigilance and “make people your first line of defense.”

How can organizations accomplish this goal? There are a few key steps that firms must enact. Crucially, businesses must take a close, honest look at their existing workforce to determine employees’ current cybersecurity skills and knowledge. This understanding can serve as the foundation for broader training efforts that can truly prepare a business’s workforce for the cybersecurity challenges they will inevitably face in the coming years.

Are you and your employees at risk for cyber attack? If the answer is yes, NCI offers online and in-person training catered to help protect your organization from cyber threats. To learn more about these courses, click here today.