By Julie Jeffries, Director, Microsoft 365 and Security Business Group
When it comes to security, we all need to be in this together. Your employees are truly your first line of defense, and despite the statistics, when logged into the corporate network, our individual confidence that we will not fall victim to attacks borders on superhero levels. Empowering your employees on security can help you reduce the risk of data exposure to phishing and other cyber attacks by more than 14 per cent.
While many of us understand the importance of investing in employee training, it is not always easy to know where to start. We work with many different companies – large and small – to help empower and enable their security strategy. Below are some top tips we’ve shared with companies looking to create a cyber security culture.
Tip 1: Make it fun and avoid the “required training” mindset
I know, cyber security does not sound like fun, but the training can be. Consider creating training modules that your employees actually want to watch. There is a reason why we binge watch our favorite shows over the weekend: we care about the dilemmas and how they work out. And while you’re creating compelling content, why not consider training modules throughout the year that build on each other? This will ensure that employees want to continue on the learning journey, waiting to see what’s next. Gamification is another great way to add both a little fun and a competitive element to your training. Creating an employee security training program that goes beyond the once-a-year training teams click through to meet compliance requirements will do much more in the long term for gaining employee buy-in than just checking a box.
Tip 2: Focus on your highest risk employees first
Statistics show that nearly one in three security breaches start with a phishing attack, costing the affected organization an average of $1.4 million USD. With a global increase in remote work, new attacks such as consent phishing have cropped up to take advantage of remote workers dealing with home-life distractions. In partnership with Terranova Security, Microsoft provides attack simulation training, a premium feature available with Microsoft Defender for Office 365. Attack simulation training empowers organizations to use real phish and hyper-targeted training to educate their employees, measure behavior changes and automate deployment of integrated security awareness training, which is designed for diverse learning styles and available in more than 12 languages. Learn more here and to see a demo, click here.
Tip 3: Knowing why cyber security matters
When creating a cyber security culture, your employees need to know that it matters. Being transparent about breaches within the organization, both big and small, lets your people know that they are the first line of defense. When a successful attack occurs, help employees understand that they need to remain alert and why doing so is important. Providing examples of the instances, without naming names, helps employees understand real-world scenarios and what can and has happened in their organization. When they know it’s in their own “backyard”, they may realize how “close to home” these scares can be and start to understand and mobilize.
Tip 4: Make it easy
No one in your organization actually wants to put the company at risk, but the more complicated the security procedures are, the harder it is for them to follow. Asking people to create a password with 15 characters including symbols and numbers, which they should never write down, is not easy for the majority of us. Evaluating security solutions that integrate into the productivity procedures your employees use each and every day, such as passwordless authentication options, increases employee buy-in and reduces the risk of missing complex procedures. If it’s seamless, it’ll get done. If it’s overly complicated, interest in getting it done wanes, which puts everyone at risk. We have some simple best practices that make it easy for your employees to remain productive and secure.
To help you get started on your employee training, Microsoft provides a Cybersecurity Awareness Kit delivered in partnership with Terranova Security as well as a wealth of end-user training modules and learning path modules.