Human Resources Takes on Cyber Readiness: How to Mitigate Cyber Risks with Security Awareness Training

Every year hackers come out of the woodwork to target various companies, specifically around the holiday season. In fact, cyber attacks are estimated to increase by as much as 50 – 60% over the holidays. With staff often spread thin and consumers taking advantage of online shopping and banking for added convenience, the timing is perfect for HR professionals to stay vigilant with how they onboard new employees with cyber education while encouraging good cyber hygiene among existing colleagues. Understanding the risks employees come across while online, how to train them to detect and mitigate these risks, and how you as an HR manager can ensure continued efforts to harden security posture will make you a cyber safety hero this holiday season!

While IT and cyber professionals are primarily responsible for securing a company’s networks and ensuring teams are up to snuff, the reality is that cyber risk extends beyond what occurs in the server room. Human error continues to be one of the top reasons cyber attacks are successful. This means that not only do security teams need to be trained, but cyber training across every department, with every employee who works on a computer, is essential to obtain and maintain good cyber hygiene across the company. If every employee in your organization understands how their actions can impact overall company security, more personal responsibility will be taken to maintain cyber safety.

Don’t fret! HR professionals need not be masters in cyber security. There are great tools out there to help anyone learn the basics and be able to share their foundational learning with others. So, what are some of the things you can learn and train employees on to mitigate attacks?

  • Phishing emails – With inboxes flooded daily, it can be hard to spot potential threats in emails. Hackers send targeted emails that may address a work-related matter from a co-worker or manager. One click on the wrong email, and you could be infecting your business device with malware. It is important every employee understand what suspicious emails “look” like and how to avoid nefarious click bait.
  • Using company devices for personal work – It’s an easy thing to do – grab a work device off the counter and start online shopping, emailing friends and family, or finally getting around to baking that chocolate chip cookie recipe from Martha Stewart. However, accessing un-secured sites and opening personal, and potentially phishing, emails on a work computer puts companies at risk. As an HR manager, you must recognize this common occurrence and be able to speak to it with your staff. If a hacker is able to gain access to a business computer through an employee’s personal use, they gain access to all of the company information on that employee’s device as well.
  • Using personal devices to conduct business – The same can be said for using personal devices to conduct business. It can be difficult to “turn off” after work hours and many employees answer some work emails on their cell phone, or load a work document on his/her personal tablet or laptop. When company staff access potentially sensitive business documents on their personal device, they risk leaking that information to a hacker. To prevent attacks company-wide, HR pros must be aware of how often this type of behavior occurs and work closely with their IT department to learn how company networks are secured when remote access is granted to employees outside of home and work IP addresses.

HR managers: Spread good cyber hygiene!

Security awareness training is becoming increasingly prevalent at companies that know what it takes to have good cyber hygiene. According to a recent report by Infosec, about 53% of U.S companies have some form of security awareness training in place. While this is still barely over half, it’s a start. So what can you do to rank among companies leading the charge in cyber security?

  • Offer continuous training – Cyber security awareness training is not a “one and done” event. This kind of training should continue throughout the year, at all levels of an organization, and be specific to different job roles within the company. Technology is always changing, which means the threatscape is too. When you are battling a constantly shifting enemy, your employees need to be vigilantly trained to understand each shift.
  • Perform “live fire” training exercisesLive fire exercises (LFX) happen when users undergo a simulated cyber attack specific to their job or industry. One example is having your IT department send out a phishing email. See how many people click on it and show them how easily they could have been hacked. This data can be used to show progress, tailor problem areas, and train to specific threats as needed.
  • Stress the importance of security at work and at home – Showing employees the benefit of cyber awareness in the workplace translates to awareness at home as well. Help prospective and existing employees gain a wide breadth of understanding about cyber best practices by making learning approachable instead of unattainable or intimidating.
  • Reward good cyber hygiene – Reward employees who find malicious emails or other threats with your company’s IT team and share success stories of how employees helped thwart security issues with vigilant “eyes” on suspicious activity. Equally, it is important to also empathize with employees who make mistakes and give them the tools to learn from their mistakes. Many employees receive hundreds of emails each day, and while training tips and education are helpful tools, it is not a perfect solution.

Training employees to be cyber aware can be difficult unless a structured program and management strategy is in place. We’re here to help! Circadence’s security awareness platform, inCyt, is coming soon! inCyt allows employees to compete in cyber-themed battles and empowers them to understand professional and personal cyber responsibility. By cultivating safe cyber practices in virtual environments, HR managers can increase security awareness and reduce risks to the business.

To learn more and stay in the know for upcoming product launches, visit www.circadence.com

Photo by Austin Distel on Unsplash

Photo by Alex Kotliarskyi on Unsplash

8 Tips to Keep Your Small Business Cyber Safe this Holiday Season

The holiday season is a time of giving, however, for hackers it can be a time of swindling. We are all susceptible to cyberattacks, but small businesses can hurt the most from the fall out. With limited staff numbers, small IT departments (if any at all), and no money allocated toward remediation, it is of the utmost importance to protect your small business, especially over the holidays. So, what can you do to protect yourself?

  1. Understand your vulnerability by industry – While every industry can be targeted by scammers, there are some more at risk than others. Specifically, retail, automotive, manufacturing, and financial. Not only do these industries process a lot of sensitive data and large quantities of money, but they also use automated process and many interconnected devices which are vulnerable to cyber attacks. Assessing your risk is the first step in preventing it.
  2. Adopt a cyber security policy – Whether you’re a sole proprietor or a company with 5,000 employees, cyber criminals are targeting your business. Smaller businesses may not have controls, processes, or policies in place for cyber security defense and offense. There are several options for securing a comprehensive cyber security plan such as a managed service provider (MSP), a systems integrator or security system provider, or a cyber security consultant. Take the time to put together a comprehensive policy for your employees to learn and reference.
  3. Educate employees on cyber risks and prevention – It won’t do you any good to adopt a cyber policy if you don’t train your employees on risk awareness and staying safe online while working. Ensure you utilize persistent, hands-on learning, such as a cyber range, to keep employees abreast of the latest threats while building confidence in their abilities to recognize threats and suspicious activity.
  4. Beware of popular scam tactics used against small businesses – From overpayment scams to phishing emails, hackers will try just about anything to get to your money and sensitive information. Be wary of anything that looks or sounds suspicious such as calls from unknown persons, pop-ups, and unfamiliar websites, only open emails from trusted sources, and NEVER give your credit card or personal information to anyone you don’t know whether over the phone, by email, or in person.
  5. Secure WiFi Networks – These days all businesses require WiFi to operate, so you need to ensure your network is safe. Hide your network, which you can do by googling instructions or working with your internet provider, so that your router does not broadcast the network name (or SSID) and ensure that a password is required for access. Be sure you change the administrative password that was on the device when first purchased as well to a complex password only you will remember. Setting up a private network for employees and offering a guest network to customers is a great way to keep customers happy while ensuring your cyber safety.
  6. Make backup copies of important information – Regularly back up data on every computer used in your business including documents, spreadsheets, financial and personnel files, and more. You can do this through many channels from uploading files to an external hardrive, USB, the cloud, or using a paid data storage site.
  7. Install and update antivirus software – Every device you use for your business needs to be protected with antivirus, antispyware, and antimalware software. You will need to purchase this software either online or from a retail store and will need to assess your specific needs based on a variety of factors, such as the type of operating system you use (mac or PC) and your budget. Here is a handy guide for things to consider before purchasing antivirus software. Be sure you install and update antivirus software regularly to ensure the newest and best iteration is at work protecting your sensitive information.
  8. Install a VPN – A virtual private network (VPN) is a software that enables a mobile device to connect to another secure network via the internet and send and receive data safely. If you regularly use your smartphone to access secure information for your small business, it can be technology that is well worth investing in. Setting up a VPN is a simple task but depends on what operating system you use. Check out this great article that guides you through VPN set up for various systems.

By following these tips and tricks, you can ensure that your business stays protected and profitable. Cyber security is an ever-changing field, and businesses must continually adapt to new attack methods and be able to defend themselves. Keep the latest in cyber training at your fingertips with Circadence’s inCyt security awareness game of strategy and if you have a small security team/IT professional, consider our flagship immersive, gamified cyber learning platform, Project Ares for advanced cyber training. We wish you a safe and happy holiday season!

Photo by Aryan Dhiman on Unsplash
Photo by You X Ventures on Unsplash