Home » Empower Your First Line of Defense – Training Employees in Cybersecurity

Publication date: March 31, 2023

Empower Your First Line of Defense – Training Employees in Cybersecurity

Share this content

Written by Angela Polania

Angela Polania, CPA, CISM, CISA, CRISC, HITRUST, CMMC RP. Angela is the Managing Principal at Elevate and board member, and treasurer at the CIO Council of South Florida.

If your organization deals with sensitive information on a regular basis, you most likely have varying levels of digital security on your radar at all times. As cyber attacks become more sophisticated and frequent, it is essential for companies to prioritize cybersecurity training for their employees as a first line of defense. Research shows that in 2022, 80% of organizations suffered one or more breaches that could be attributed to lack of cybersecurity skills and awareness. Offering these trainings is one of the easiest ways an organization can protect its data and prevent human errors that create vulnerabilities. These trainings can educate employees on the latest cybersecurity threats, teach them how to identify and respond to potential attacks, and provide guidelines for maintaining secure practices.

Businesses are consistently putting themselves at risk due to poor practices when it comes to lack of education and training for their staff. There are a variety of best practices that employees can be taught, ranging from simple password safeguarding to recognizing phishing attempts and understanding the function and importance of firewalls and VPN’s. Cybersecurity training can also create a culture of security within the company. When employees are aware of the risks associated with cybersecurity and the importance of protecting sensitive information, they are more likely to be vigilant in their daily activities. By creating a culture of security, the company can mitigate the risk of cyber threats and help employees understand their role in protecting the organization’s assets.

You can train your people all day every day, but ultimately you cannot control their attention or retention. New research has found that only 10% of workers remember all of their cybersecurity training, causing companies to both waste time and money and expose themselves to further risk. While some have started offering regular security training courses to a select portion of their staff, many are still not requiring a significant percentage of their employees to engage in any training at all.

So how does a company increase training opportunities while addressing low employee engagement? 80% of workers interviewed by CybSafe reported that they are likely to act on security advice provided on platforms that they use on a daily basis such as Slack and Teams. 90% thought that security nudges on instant messaging platforms would be a valuable tool to help them retain their training information as well as encourage consistent vigilance.

That being said, internal employee communication seems to have fallen through the cracks in many organizations as 47% have not received any training at all for applications like Slack and Teams. It has been reported that workers are more likely to share login details in tools like Slack rather than email.
Executives from health systems and training experts have curated their approach to how they provide employee training to change behavior and acquire expertise in cybersecurity. During a recent panel discussion, it was concluded that the best way to educate and train employees on data security best practices is through short (3-6 minute) and frequent training highlight installments.

Privacy operations and product security expert Bill O’Connell shared: “I’ve run security and privacy training programs for probably 15 years. One of the things I’ve noticed is that sometimes there’s more information than people want or are ready for…You also have to figure out how to tailor the message because ultimately your goal is not just let me get the check mark that everybody sat through one hour of training —let me get them to behave differently. You might be better off going for some small wins. One year, we did three-minute videos, YouTube-length videos, and sprinkled them out throughout the year rather than the one-hour long training. Also, making it where there’s a baseline that you’d have to do that would offer more and make it relevant to the individual.” (MedCity News, 2023)

Providing cybersecurity training to employees can also help the company comply with various regulations and standards. Many industries and governments require companies to follow specific cybersecurity standards and regulations to protect sensitive data. Offering cybersecurity training to employees can help the company meet those requirements and avoid potential legal or financial consequences for non-compliance. There is no question in this day and age that cybersecurity training is an essential investment that can benefit the organization in multiple ways by protecting sensitive data, fostering a culture of security, and improving regulation compliance.

Not sure where to start? Connect with an Elevate specialist to discuss a plan of action for implementing cybersecurity training in your organization.

Related posts

Contact Elevate today to learn more about Cyber Security | Elevate Insights

Elevate // +1 (888) 601-5351 // Monday to Friday 9am-6pm