How To Keep Your Employees From Being A Security Risk.

• Author: Andra, Jacob
• Position: Entrepreneur Edge

Cybersecurity is important. Obviously. Given all the prominent hacks of late, good cyber-hygiene should be top-of-mind in every company across the globe. But here's the thing, if you have any employees whatsoever, you are placing your company at risk.

YOUR EMPLOYEES ARE YOUR COMPANY'S WEAKEST LINK

Per cybersecurity firm Heimdal Security, "the human factor is the weakest link." That means the lion's share of the solution comes down to training. Unfortunately for those who must endure said trainings, they are often, quite frankly, boring. Monotonous concatenations of PowerPoint slides, techno-gibberish, and unmemorable quizzes, they tend to slip the mind the moment an employee escapes them.

Compounding the unpreparedness, upper management often underestimates the degree to which the company is vulnerable, as well as the potentially-catastrophic consequences of a breach. Almost certainly, one or more of the following mindsets feature prominently:

* If it ain't broke, don't fix it.

* Breaches happens to those other guys, but not to us.

* We'll deal with it when we need to--there's too much on our plate right now.

* Cyber-what?

* We held a training last year--what more are we supposed to do?

"A one-time training is not enough," says Josh Linton of Utah-based IT firm VLCM. "Employees should be trained, re-trained, reminded, and trained again." In other words, interminable trainings are here to stay.

BUT IS THERE A WAY TO MAKE TRAININGS FUN?

In the world of cybersecurity trainings, some firms opt for funny. Make them laugh, and they'll remember, right? Maybe ... and maybe not. Unless you've got a massive production budget and some serious talent on deck, funny usually comes off as cheesy.

Two employees-turned-temporary-actors appear onscreen in the white Guy Fawkes masks popularized by the hacktivist group Anonymous. We are to understand that these are hackers because of the masks--get it? They sit across a table from one another, pecking away at their laptops. "Oh, look," one chortles to the other, "this guy used his mom's birthday and his old address as his password." "Bingo!" responds his accomplice. Yes, this was an actual training. And yes, it was memorable.

Staged productions, however, have the drawback of limited scope: it's hard to convey the full scope of cybersecurity best practices in a skit. Usually, a company can communicate a concept or two--in the case of the above training, the main gist was the necessity of using complex, unique...