How Often Should Your Employees Do Cybersecurity Training?

Written by
Rebecca Smith

Published
Jan 15, 2019

The average data breach now costs companies around $4 million. Thus, it's vital for your business to avoid any data issues that could cripple your company.

There isn't a business model around that's built to ignore a $4 million loss, especially one that could happen year after year. If you haven't modernized your cybersecurity training, you need to update your method today.

Here are four reasons to update your training ASAP.

1. Whenever They Create a Password

If you haven't given your staff proper training on how they need to make their passwords, you're missing out on the easiest thing to learn in cybersecurity. Poor password management is also one of the most common problems that companies face. When they don't know how to make a strong password, your employees are going to make it easy to get hacked.

One simple training can help your employees to learn how to invent words that are meaningful to them but don't appear in the dictionary. They need to avoid making common mistakes like using names of pets or children. So many of your employees will use passwords like "password123" that you'll be shocked.

You should also be saving old passwords in your system so they can't be duplicated. Employees should be locked out every few months and forced to create a new password. Teaching everyone how to make better passwords is the kind of training that everyone from the mailroom to C-level needs to have a grasp on.
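As an added illustration (not code from the original article), the password-change check below rejects common passwords, passwords containing pet or family names, and anything in the user's recent history. It keeps the history as salted PBKDF2 hashes rather than the passwords themselves; the deny-list, `HISTORY_DEPTH`, `PBKDF2_ROUNDS` and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed sample deny-list; a real deployment would load a much larger one.
COMMON_PASSWORDS = {"password123", "password", "123456", "qwerty", "letmein"}
HISTORY_DEPTH = 5        # assumption: number of previous passwords remembered
PBKDF2_ROUNDS = 200_000  # assumption: work factor, tune upward for production


def hash_password(password, salt=None):
    """Return (salt, digest) so the history never holds a plaintext password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def check_new_password(password, history, personal_terms=()):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("common password")
    # Names of pets or children supplied by the caller (hypothetical input).
    if any(term and term.lower() in lowered for term in personal_terms):
        problems.append("contains personal name")
    # Re-hash the candidate with each stored salt and compare in constant time.
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            problems.append("reused password")
            break
    return problems


def change_password(password, history, personal_terms=()):
    """Validate, then record the new hash and trim history to HISTORY_DEPTH."""
    problems = check_new_password(password, history, personal_terms)
    if not problems:
        history.append(hash_password(password))
        del history[:-HISTORY_DEPTH]
    return problems
```
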

You also need to ensure you're clearing out any old credentials for anyone who doesn't work there anymore. Your employee accounts could become the perfect zombie accounts for some clever hacker to take over and start causing havoc with.

2. When Your Data Policy Changes

Every industry has a set of rules governing how data should be handled. Even if they're not codified into law, they're probably written by regulatory agencies or kept as "best practices." These policies and standards change pretty often, so whenever they change, you need to retrain your staff on them.

Every year, your key employees should take a refresher on how to protect their own data and thereby your company. If you're in the healthcare industry, you'll find that HIPAA regulations are constantly changing and they come with legal ramifications. They require you to take your online communications seriously so that you protect the privacy of your patients and customers.

If you're in the legal industry or running a law firm, you face the same kind of needs. However, it's up to you to create a policy that works for your firm. It's challenging to ensure that you keep your clients protected while allowing all pertinent staff to know what's going on.

Consider your data as valuable as inventory, even if you're not running a sales operation. The data you have is your capital, and if you let it get out to your competitors or abuse its sensitivity, you give away your capital. When you can't be trusted with that value from your clients or customers, they're right to leave you behind.

3. When They Download Software

When you're in an industry where you need to download software tools, you might find that your employees don't know how to tell quality software from bad. If they don't know what they're putting on your machine, they could end up downloading ransomware. Most of your employees might not even know what ransomware means.

Most software needs to be updated on a semi-regular basis and if you don't have an IT staff to do it, it's up to your employees. It's likely your employees don't understand why it's important to update their software and keep their system up to date. The reason software needs to be updated so often is usually because of changes to security needs for operating systems.

If your employees don't know all this, they're going to lag behind on updates they don't think are necessary.

Some employees might seek out software solutions that they don't know are dangerous. If you give your employees admin access to the machines you have on site, they may get carried away trying to get all the tools they want. While this is empowering, it's treacherous territory for most business owners.

4. Whenever You Feel Training is Outdated

If your employees need to learn more about cybersecurity or the latest changes to monitoring, you need another training. If you've just gone through a data breach, you need to have training once you end up on the other side of things. While it's scary to go through security issues, it's important for you to have the most modern methods in place.

You also need to update the way you perform your training. In a lot of models, the training style is kind of negative. Most companies end up using a lot of scare tactics that frighten their employees into compliance. Instead, try rewarding your employees when they meet the metrics for best practices.

When people manage to keep breaches out, give a team a small prize. Following a training session, you should offer a free lunch to keep your employees engaged. It won't cost your company a lot and could save you millions to have everyone informed.

Run a few tests and teach them a few new terms so that they can communicate better when security issues arise. The best thing your employees can have is a strong culture of communication to mitigate issues.

Cybersecurity Training Should Stay Updated

You can't update your cybersecurity training just once and forget about it. You need to update it as often as possible to ensure that you're always up to date. Watch for changes in the IT departments of your industry to stay ahead of changes.
