Why cyber awareness training needs to be part of your onboarding process
Human error has been consistently reported as one of the biggest threats to organisational cybersecurity. And since it’s easier (as well as less expensive and damaging) to pre-empt errors than to fix them, it’s logical to introduce cybersecurity awareness and training from the outset – regardless of whether an employee is new, returning to the workforce, or been-there-done-that.
Cybersecurity training ranks right up there with making sure a new employee understands the importance of not sharing confidential company information with friends over a beer, or failing to lock office doors if they’re last out.
While your HR team are undoubtedly experts at bringing new employees up to speed on company policies and procedures, it’s a good time to rope in your IT team (who live and breathe protecting your systems, networks and devices on a daily basis) to guide the delivery of cybersecurity training.
So, what’s important?
Keeping your business and its data and networks safe is a team effort and requires ongoing vigilance – so everyone has to get on board from the outset.
The best starting point is WHY being cyber savvy is so important and the consequences to the business and jobs if there’s a breach. Once employees understand the ‘why’, it’s easier to launch into HOW they can become part of the solution. And then WHAT they need to watch out for – from dubious emails changing supplier bank account numbers and seemingly genuine phone calls asking for password verification, to logging on to lookalike ecommerce websites, leaving laptops unattended without the screen locked, and using public Wi-Fi – and more!
With 75% of security breaches now attributed to successful phishing trips, any employee who uses email as part of their job becomes the weakest link in your defences. That’s why teaching your employees how to spot suspicious or ‘too-good-to-be-true’ emails (even before your IT team does) will pay off – big time. While newbies are often the most vulnerable to phishing, they can also – in time – become the most valuable weapons in your cyber defence arsenal.
And password training deserves a special mention too. Given that the majority of corporate data breaches involve stolen login credentials (IBM’s Cost of Data Breach Report for 2021 reports that compromised credentials accounted for 20% of data breaches), using lightweight (1234), predictable (password1), or recycled (same-everywhere) passwords is a mistake that isn’t restricted to rookie users.
Onboarding is a bigger topic than ever, but maintaining cyber security and awareness is a team effort that should start the day a new employee walks in the door and continue right through to offboarding.