Now that everyone in your company has participated in basic cybersecurity awareness training and your IT people have done several phishing email exercises, it might be time for you to consider focused training for select employee audiences.
Hackers continue to get more sophisticated, so your training needs to continue to expand. Nigerian payment scams still exist, but new, innovative scams that can be challenging to detect come up every day. For example, how many of your employees would open an email that was sent to them as a copy, titled “Proposed Salary Adjustments”? Some studies say about 60% of recipients would open it.
Social engineering activities are burgeoning, and your staff may need to see new examples of what types of scams are being used. Cybercriminals frequently target specific employees with spear phishing – scam emails that are focused on the employee’s role.
Potential high risk roles
CEO: She is busy, receives emails from many people outside the organization, and her profile may be readily available online or in public company documents. She may be the target for a spear phishing email, or others may impersonate her email address.
Social media manager: He is using social media for the good of the company, but may be inadvertently sharing details that a savvy hacker can leverage in creative ways in a cyber-attack.
Charity program manager: She is selling the company’s good actions and sharing details about when and where the management is involved with the community. The company’s employee list may be shared with a charity for PR reasons. Hackers love diverse information about employees.
Contract employee: He may have worked with your competitors and knows a lot about your business as well as other businesses. He could be leaking information without realizing the impact. Contractors should go through the same intense background checks as full-time employees and receive the same cybersecurity training.
Executive assistant: She often has as many details about employees on her computer as the Human Resources manager. She keeps the CEO’s agenda and travel plans, all of which a shrewd hacker could use for cybercrime.
What your business can do
Have your key staff attend training beyond the annual basic course. Consider having a cyber security expert meet with them in small groups to discuss risks. Have the expert tailor training to specific job roles.
Ask your employees to think about how someone might try to access your company’s confidential information and network. Then ask them what they can do to increase their protective actions for your business. They want your business to succeed and not be a victim of cybercrime, so include them in the defense activities so they feel they are contributing along with the IT people.
Carolyn Schrader is a seasoned cybersecurity professional and founder of the Cyber Security Group Inc., providing corporate cybersecurity services to high profile clients.