Your Employees Can Be the Best Cybersecurity Defense

2/24/2021 - By Bob Woock, MCSE

Cybersecurity continues to be a major topic of discussion everywhere you go and shows no signs of slowing down. Every month there are news reports about organizations being breached, their sensitive information stolen, and then sold on the dark web. In the latest attacks, we find that hackers are taking control of networks, encrypting and locking away files, then demanding sizable ransoms to unlock the files. On top of that, these bad actors search the data for potentially damaging information and begin using it to blackmail individuals and organizations.

From ransomware to phishing attacks, the new normal is not if your company will get breached, but when. As a result of these attacks, many companies look to take out cybersecurity insurance and find that these insurance companies are now asking if businesses are providing cybersecurity awareness training to their employees as part of the policy requirements.

Several studies have found that 60% to 75% of cybersecurity incidents are the result of a lack of knowledge and understanding amongst an organization's employees. However, a majority of the money spent to protect systems goes toward creating technical defenses against external threats and not so much toward training your best defense: your employees.

The good news is that an organization can quickly get its employees up to speed and trained to recognize potential attacks, especially when they arrive in an employee's inbox. Symantec found that a staggering 92.4% of malware is delivered as an attachment or a link in a malicious email. The primary defense for this type of attack is to set up multiple layers of filters to scan incoming emails and remove the threat before it reaches an employee. Though these systems are good at what they do, they are not perfect. This is where cybersecurity awareness training comes in to reduce the chances of an attack being successful.

When an email does slip through and your staff has been trained, they recognize the signs of a Trojan horse and prevent the attack. This sounds great… right? Most business owners and managers know that it is hard to get employees to take time out of their schedules to attend critical training, and it may be even more difficult to manage that training so that it is successful.

The information technology team at Saltmarsh knows just how to help clients get the employee training needed for cybersecurity awareness. We prepare the curriculum and set up the platform to accommodate various training videos and weekly quizzes for your team to complete. As the business owner or manager, you receive reports on your employees' progress. The training content is kept fresh and covers a wide variety of topics concerning cybersecurity. By using a weekly or biweekly drip campaign for training, your employees continue to stay educated and aware of potentially harmful content.

To accompany this training, we recommend periodic real-world testing using fake phishing attacks to make sure your employees are staying alert and retaining the knowledge. We also recommend a quick debrief after a fake phishing attack to go over the results and further enhance your employees' awareness.

By combining application and gateway security services with employee awareness training and fake phishing attacks, your employees will become your best defense against cybersecurity attacks. 

Learn more about our ransomware solutions and how you can educate your employees here.

About the Author | Bob Woock, MCSE
Bob is a manager in the Information Technology Services Department of Saltmarsh, Cleaveland & Gund.  His company merged with Saltmarsh in May 2017, providing enhanced IT support and expertise to clients in our growing Central Florida operations. Bob’s primary areas of experience include providing IT support for medium and small businesses across various industries such as manufacturing, accounting, and healthcare.

