This should be reason enough for organisations to invest in educating these users on effective security – but they often don’t.
Instead, it takes a really bad case of data theft to motivate most decision-makers – a trend we’re looking to reverse with our essential reasons for end-user security training.
1. It’s a GDPR necessity
Firstly, it’s the law. GDPR requires all businesses to provide guidance for employees when it comes to properly looking after company and customer data.
Now, you may argue that the employee handbook covers everything that a new member of your team needs to know about data use. However, should that member of staff mistake a phishing email for something genuine, you’ll be asked to evidence how you did everything in your power to prevent it.
A footnote in your employee handbook is obviously not everything in your power. As such, you would be expected to pay a hefty penalty and take a huge hit to your credibility.
2. You’ll wise up to phishing attempts
We’re not talking about emails concerning accidents you haven’t been in; nowadays, phishing attempts study your LinkedIn and company history to tailor their hacks.
Seriously – all attackers need is a little personal information to make their message appear authentic, and a member of your customer service team can sign away client data with the click of a link. We’ve seen hackers disguise themselves as IT departments recommending password resets, reference the favourite restaurants of victims, and even mimic invoice requests.
The only real way to prevent this is to provide comprehensive training on how to recognise attacks and spot false correspondence.
3. It improves password management
A password written down is an open door to your company information. Whether stored in a Word doc or jotted down on a sticky note, thieves have never had it so easy.
On the one hand, this is a behavioural issue. You need to explain to John in accounts that, while you appreciate that several passwords can be hard to remember, having them all stored together on paper is the equivalent of a master key for criminals.
