Cyber Monday is rapidly approaching and that means employee shopping online at work and with company devices will increase dramatically. It’s a spree that’ll continue throughout the holiday season, in fact, a 2018 survey by Robert Half Technology found nearly two-thirds of professionals planned to do so, more than one-third saying they’d be “workshopping” at least a few times a week.
The majority of the decision-makers surveyed naturally wish employees wouldn’t. Productivity can suffer, but their foremost concern by a long shot (59%) is security. After all, with greater shopping activity, cyber criminals increase their activity. What’s more, each year it worsens; researchers at Carbon Black reported a massive 57.5 percent jump in cyberattacks during the 2017 holidays alone.
The most lucrative targets for hackers are businesses – and employees are often their way in. A staffer could innocently click on a link in a phishing email about reduced price gift cards and download malware onto the network. Customer records and credit card numbers could then be stolen, resulting in a breach with severe financial and reputational consequences. And with holiday vacations, security teams are often understaffed, so hackers would have an easier time evading detection.
This is just one scenario of many that contributes to heightened cyber risk for businesses around the holidays. That said, now is a good time to revisit training and make sure employees are informed and adhering to best practices.
The following might help.
How Chief Information Security Officers Should Respond to the Cybersecurity Crisis
Tone, Train, Test
Cyber theft is serious business, so be sure your top security leader – ideally the chief information security officer (CISO) – communicates across the enterprise and sets the right tone. They should discuss what’s at stake, detail company policy and what’s expected of employees, provide insight into special training and initiatives, and provide a way for employees to have any questions answered.
In Ponemon Institute’s 2018 Cost of a Data Breach Study, employee training was shown to be one of the most effective ways to decrease the costs of a data breach. That said, training resources should be readily available and recirculated; a company-wide refresher that encapsulates best practices could be particularly helpful. And to maintain peak cybersecurity vigilance throughout the season, updates on emerging threats and related topics like new preventative measures should be communicated regularly.
Most importantly, your IT team should run employee cybersecurity tests. There are plenty of modules available to see if employees will fall for malicious threats. It’s a simple, cost-efficient step that can prevent a lot of pain. And when handled as a learning experience and not punitively, employees will be more likely to share details and spread awareness.
Back to Basics
More than anything, you want basic cyber hygiene to be followed by employees – this will eliminate the greatest volume of threats. So, keep it simple and emphasize the fundamentals, such as the need to regularly change passwords, the dangers of using free or unlocked WiFi when traveling, what is and isn’t suitable to download on a company-owned device and more.
Give thought to threats employees are most likely to encounter. Phishing attacks remain the most common trick of cyber criminals, so educate employees on how to identify these. Make sure they know to look at the email address to see if it’s from a recognizable sender, that they preview link destinations before clicking on them. Alert them to signs that indicate it’s not from a legitimate source, like generic greetings, poor grammar and typos.
It might sound standard practice to you, but not everyone has the same cyber awareness.
Get in the Game
Yes, cybersecurity is a serious concern, and the risks are greatest during the holidays, but by turning training into a game you can get even better results. Exciting, hands-on experiences facilitate greater learning retention, so adding fun to fundamentals makes good business sense, too.
Virtual training cybersecurity labs can enable you to do this, and equally important, they’re the best way to ensure your cybersecurity team is always up-to-speed – throughout the holidays and into the future.
With cybersecurity training labs, you can upload even the most complex, real-world scenarios to the cloud for dynamic, hands-on training in safe, sandboxed environments. Gamify it with a problem-solving challenge and it’ll be an experience users won’t forget.
And, with no hardware or software installation needed, all you need is a browser and internet connection to deliver training quickly, easily and inexpensively whenever and wherever it’s needed.
That said, if you’re not using virtual training labs, it’s time to get in the game. So be sure to put it on your team’s wish list for the year ahead.
Are you a CISO with a resolution to do more? If so, check out this free e-book, “Under Attack: How Chief Information Security Officers Should Respond to the Cybersecurity Crisis.”