Curiosity doesn’t just kill the cat; it may be putting your small business data in considerable jeopardy. A recent study of 1700 students conducted by researchers at the Friedrich-Alexander-Universität in Germany found that even though users know a link from an unknown sender can pose a risk of infecting their computer with a virus, they will click on it anyway out of curiosity. Specifically, 56 percent of email recipients and about 40 percent of Facebook users clicked through on a link they received from an unknown sender despite the fact that 78 percent indicated in a follow-up questionnaire that they knew doing so posed a risk.
Considering the importance of protecting your small business data and network from the risks posed by hackers, the study is a good reminder that training your small business employees to be vigilant about security should be ongoing. Technology integrator ePlus addresses this very issue in an article on “Building a Security-Minded Culture,” recommending that in addition to having the right security technologies and controls in place, a company’s culture needs to emphasize security as one of its values and, in doing so, change the way employees think about their role in protecting company information.
Among its suggestions to make security part of a company’s culture, ePlus recommends that the message needs to come from the top. The CEO of the company has to make security a top-level priority and communicate the importance of it on a regular basis. Also, security training should be conducted as often as quarterly if necessary or annually at a minimum. And finally, security training needs to be a team effort, enlisting people from various groups to offer suggestions on messaging, management programs and training initiatives.
Make security training meaningful
When it comes to training, it’s not enough to remind small business employees not to click on suspicious links, access company information over unencrypted public networks or visit suspicious sites; you need to make the training meaningful and memorable. Here are some suggestions from Kaspersky Lab, the international software security group, in “Top 10 Tips for Educating Employees About Cybersecurity”:
- Consider different training formats, such as brown bag lunches
- As part of training, cite real examples, including those from news stories
- Employ company social channels to talk about security
- Provide step-by-step instructions about what employees should do if they think they have witnessed a cyber incident
- Make the training relevant to employees’ digital lives. Today’s millennials have been raised on mobile devices. Talk to them about the serious impact of a cyberattack on your small business and their jobs.
- Make it fun. Test employees about their cybersecurity knowledge and provide rewards for prompt answers, such as holding a company get-together out of the office.
Also keep in mind that company information can be compromised by someone overhearing a conversation. Headsets that cancel out background noise make it easier to hear and be heard without raising your voice. Encourage employees to wear noise-canceling headsets in and out of the office when they are conducting calls that involve sensitive company and customer information.
Don’t leave cybersecurity to chance or curiosity. One wrong click can be a major setback to your small business and to your customers.