Viewpoint: Educate your employees on easy ways to avoid hackers and scammers.

The day started out just like any other workday for Thomas. He drove in to work, flashed his badge to the security guard at the front desk, said hello to his desk neighbor and settled in at his workstation to address a backlog of emails in his inbox. That's when things went sideways.

A message from a vendor. A companywide announcement. Yet another "reply all" to an ongoing email thread. This morning's emails were nothing out of the ordinary. Then a strange email caught Thomas' eye: a request from corporate IT, asking him to update his company profile, including his date of birth, Social Security number, employee ID and account password.

With a pile of work to do, an all-hands meeting coming up in a few minutes and a million other things on his mind, Thomas clicked the link in the email and complied with the request from IT. Having completed the task, he moved on with his busy day without a second thought. Little did he know, Thomas had just joined countless other victims of the most widespread form of cyberattack: the phishing email.

According to Verizon's 2021 Data Breach Investigations Report, 85% of cyberattacks last year included a human element. It is typically easier to trick a person than it is to bypass, break or hack a computer system. When cyber-criminals are planning their attack, the path of least resistance often leads them to target human weakness.

Thomas is not a bad employee. He has never clicked a phishing email before and is a stellar performer. He has attended company-mandated cybersecurity training twice per year. But his failure to spot a phishing email allowed an attacker to harvest his personal and company data, leaving him and the company more vulnerable to future attacks. Further, by clicking their link, Thomas has potentially allowed the attackers to access his company's network. This is how ransomware, malware and other crippling incidents happen.

What can be done? GI Joe says knowing is half the battle; the other half is training. While many companies mandate employees take time out of their schedules to attend PowerPoint-based presentations on the scary nature of the threat, rarely do businesses (outside of the Fortune 100) conduct real, meaningful training on this front. Having attended numerous slideshow presentations, I can confidently say that rarely do they "move the needle" in terms of our behavior outside of the classroom.

Here are a few features of a successful cybersecurity training and awareness program:

...
