This article discusses the need for regular cybersecurity training for employees to protect against phishing scams, social engineering attacks, and other common cyber threats in the workplace.
Today, companies are hiring security teams, CISOs and buying external support at rates unheard of a few years ago. When I started developing digital products in the 2000s you had to be your own security expert. The CISO function was invented in the mid-1990s, but until recently, many companies have not had a dedicated security function. It was up to the IT department to figure out what security measures had to be taken to secure the company’s data and critical assets.
Two recent developments have accelerated the need for better cyber security. First, government and private companies have moved nearly all systems online. Secondly, many companies now have a policy of moving applications and data into a public cloud system. As companies become more vulnerable to cyber attacks, one of the most effective ways of protecting your organization is to train your employees to identify and prevent cyber attacks.
The most important aspect of employee security training is to create a cyber security culture in the organization. It is crucial that the CISO and the security team understand how the business works and how it generates money. This is necessary to implement the right technology and security measures, ones that enable the business while maintaining safety.
One issue many companies face is access for contractors and third-party suppliers who need fast access to your development and test environments. Going through standard procedures for providing internal IDs might take several business days. This means that you can’t quickly onboard new contributors to your agile DevOps projects, and valuable time and money are wasted.
The skilled CISO will find ways to enable the business while integrating security considerations into the development process. Enabling communication and collaboration between development, security and operations teams (DevSecOps) builds a culture of shared responsibility in the organization. This brings us to the second part of the process: employee training that completes the cyber security awareness and maturity of your company.
Creating a security-conscious organization is about communication. Employees fall for phishing scams, download malware and re-use weak passwords because they lack the security awareness that comes with continued training. Even top-quality security engineers fall for scams, because it is human nature to believe we are smart enough to avoid being fooled by cyber criminals.
Security training is an ongoing activity that doesn’t have an end date. As the threat landscape changes, employees need to be updated on the latest threats and best practices. The best training is also tailored to the different roles in the company, as we are exposed to a variety of threats depending on our daily job tasks. Working from home has also introduced new challenges, and new tools and guidelines are needed.
Our goal is to enable employees to work freely and safely online. Regular training, communication and cooperation between the different parts of the company can create the culture of security needed to keep your data and critical systems safe. Businesses must empower their employees with the right tools and training to achieve this goal.