Human Resources Takes on Cyber Readiness: How to Mitigate Cyber Risks with Security Awareness Training

Reading Time: 4 minutes

Every year hackers come out of the woodwork to target various companies, specifically around the holiday season. In fact, cyber attacks are estimated to increase by as much as 50 – 60% over the holidays. With staff often spread thin and consumers taking advantage of online shopping and banking for added convenience, the timing is perfect for HR professionals to stay vigilant with how they onboard new employees with cyber education while encouraging good cyber hygiene among existing colleagues. Understanding the risks employees come across while online, how to train them to detect and mitigate these risks, and how you as an HR manager can ensure continued efforts to harden security posture will make you a cyber safety hero this holiday season!

While IT and cyber professionals are primarily responsible for securing a company’s networks and ensuring teams are up to snuff, the reality is that cyber risk extends beyond what occurs in the server room. Human error continues to be one of the top reasons cyber attacks are successful. This means that not only do security teams need to be trained, but cyber training across every department, with every employee who works on a computer, is essential to obtain and maintain good cyber hygiene across the company. If every employee in your organization understands how their actions can impact overall company security, more personal responsibility will be taken to maintain cyber safety.

Don’t fret! HR professionals need not be masters in cyber security. There are great tools out there to help anyone learn the basics and be able to share their foundational learning with others. So, what are some of the things you can learn and train employees on to mitigate attacks?

  • Phishing emails – With inboxes flooded daily, it can be hard to spot potential threats in emails. Hackers send targeted emails that may address a work-related matter from a co-worker or manager. One click on the wrong email, and you could be infecting your business device with malware. It is important every employee understand what suspicious emails “look” like and how to avoid nefarious click bait.
  • Using company devices for personal work – It’s an easy thing to do – grab a work device off the counter and start online shopping, emailing friends and family, or finally getting around to baking that chocolate chip cookie recipe from Martha Stewart. However, accessing un-secured sites and opening personal, and potentially phishing, emails on a work computer puts companies at risk. As an HR manager, you must recognize this common occurrence and be able to speak to it with your staff. If a hacker is able to gain access to a business computer through an employee’s personal use, they gain access to all of the company information on that employee’s device as well.
  • Using personal devices to conduct business – The same can be said for using personal devices to conduct business. It can be difficult to “turn off” after work hours and many employees answer some work emails on their cell phone, or load a work document on his/her personal tablet or laptop. When company staff access potentially sensitive business documents on their personal device, they risk leaking that information to a hacker. To prevent attacks company-wide, HR pros must be aware of how often this type of behavior occurs and work closely with their IT department to learn how company networks are secured when remote access is granted to employees outside of home and work IP addresses.

HR managers: Spread good cyber hygiene!

Security awareness training is becoming increasingly prevalent at companies that know what it takes to have good cyber hygiene. According to a recent report by Infosec, about 53% of U.S companies have some form of security awareness training in place. While this is still barely over half, it’s a start. So what can you do to rank among companies leading the charge in cyber security?

  • Offer continuous training – Cyber security awareness training is not a “one and done” event. This kind of training should continue throughout the year, at all levels of an organization, and be specific to different job roles within the company. Technology is always changing, which means the threatscape is too. When you are battling a constantly shifting enemy, your employees need to be vigilantly trained to understand each shift.
  • Perform “live fire” training exercisesLive fire exercises (LFX) happen when users undergo a simulated cyber attack specific to their job or industry. One example is having your IT department send out a phishing email. See how many people click on it and show them how easily they could have been hacked. This data can be used to show progress, tailor problem areas, and train to specific threats as needed.
  • Stress the importance of security at work and at home – Showing employees the benefit of cyber awareness in the workplace translates to awareness at home as well. Help prospective and existing employees gain a wide breadth of understanding about cyber best practices by making learning approachable instead of unattainable or intimidating.
  • Reward good cyber hygiene – Reward employees who find malicious emails or other threats with your company’s IT team and share success stories of how employees helped thwart security issues with vigilant “eyes” on suspicious activity. Equally, it is important to also empathize with employees who make mistakes and give them the tools to learn from their mistakes. Many employees receive hundreds of emails each day, and while training tips and education are helpful tools, it is not a perfect solution.

Training employees to be cyber aware can be difficult unless a structured program and management strategy is in place. We’re here to help! Circadence’s security awareness platform, inCyt, is coming soon! inCyt allows employees to compete in cyber-themed battles and empowers them to understand professional and personal cyber responsibility. By cultivating safe cyber practices in virtual environments, HR managers can increase security awareness and reduce risks to the business.

To learn more and stay in the know for upcoming product launches, visit www.circadence.com

Photo by Austin Distel on Unsplash

Photo by Alex Kotliarskyi on Unsplash

Operation Gratitude: 5 Reasons to Give Thanks for Cyber Security

Reading Time: 3 minutes

With daily breaches impacting business operations and security, it’s easy to forget about the good ways that cyber security keeps us safe behind the scenes. This holiday season, we’re giving thanks to cyber security and all that it does to make our lives easier and more secure with what we’re calling Operation Gratitude (inspired by our Project Ares missions, uniquely titled “Operation Goatherd” or “Operation Desert Whale”). #OperationGratitude is a rally cry for security professionals and business leaders to remember the positive aspects of cyber security and share those positive thoughts with each other. Too often we live in fear from cyber attacks and persistent threats, and while, there is always cause for concern, we must remember how advances in the field have equally made aspects of our digital life easier. We’re thankful for these advances in cyber security:

  1. Two-factor authentication – This tool helps to keep you secure by requiring two different credentials before allowing you to gain access to sensitive information online. One example of this would be when you log in to check your bank statements and it prompts you to not only enter your username and password, but also to check your phone and enter a verification code that was texted to you. You will normally see this security precaution used when logging into an account from a new device. The great part about it is, it’s widely known and used by everyone from CISOs to high school kids.
  2. HTTP(S) – You’ve likely seen this appear when visiting a URL online, usually showing up just before the “www” and website name. Http means HyperText Transfer Protocol. HTTP is the underlying protocol used by the World Wide Web, which defines how messages are formatted and transmitted, and what actions web servers and browsers should take in response to various commands. The “S” is for security, and this little letter means that all communication between your browser and your website is encrypted for your protection. This means that sites utilizing https are prioritizing your safety while performing sensitive transactions online!
  3. Personal digital responsibility – These days the average consumer is more connected than ever. With our lives relying on smartphones, computers, tablets, and a multitude of IoT devices, we are entrenched in cyber every single day. This reliance requires us to practice personal digital responsibility, or often called digital citizenship—that is, the ability to participate safely, intelligently, productively, and responsibly in the digital world. Just because we are more connected does not necessarily mean that we are more aware of cyber risks, however, initiatives such as Cyber Security Awareness Month (in October) are helping to increase awareness by promoting cyber citizenship and education. Circadence is proud to contribute to the security awareness and digital responsibility effort with the soon-to-be-available inCyt, a security awareness game of strategy that helps bring cyber safe practices into the workplace and cultivates good cyber hygiene for all (and you don’t have to be a technical expert to use it).
  4. Corporate security awareness trainings – Given that 25% of all data breaches in the U.S in 2018 were due to carelessness or user error, it is critical for companies of all sizes to engage their employees in persistent cyber training. Thank goodness there is an increase in organizations such as the National Cyber Security Alliance (NCSA) that provide risk assessments and security training to organizations across the U.S.
  5. Increased security collaboration – With more than 4,000 ransomware attacks alone occurring daily, no one business can mitigate the increasing amount of cyber risks present in today’s threatscape. It is more important than ever for businesses to share knowledge from breaches they have experienced and stand together to fight cyber crime, which is exactly what they’re doing! Nowadays these partnerships are being formed not only to share information, but to conduct live fire cyber readiness exercises. One such initiative is DHS’s National Cybersecurity and Communications Integration Center(NCCIC) – a 24/7 cyber situational awareness, management and response center serving as a national nexus of cyber and communications integration for the federal government, intelligence community, and law enforcement. The NCCIC also shares information among public and private sector partners to build awareness of vulnerabilities, incidents, and mitigations.

So, as you prepare your Thanksgiving meal from recipes pulled up on your tablet, with holiday music playing from your smart phone, and timers set by Alexa to ensure the juiciest turkey and tastiest pies, remember to give thanks for cyber security. We certainly are!

 

Photo by Simon Maage on Unsplash
Photo by Pro Church Media on Unsplash