5 employee cyber security training questions you need to ask

By Veriato Team

Chances are your organization already addresses cyber security to some extent in new employee onboarding. Whether that’s traditional training videos on cyber security that employees watch on their own time, presentations by IT, or brochures, most employees know that their companies have cyber security protocol and best practices. But how many of your employees actually know what the protocol and practices are?

In 2016, the average cost of a data breach was $3.62 million. And according to a study by the Poneman Institute, careless workers are the leading cause of data breaches in small and medium-sized businesses. If you want to improve your business’s cyber security, it’s time to get serious about employee education and cyber security training. You can start by asking these questions about your employees’ training:

  1. Is your information relevant?
    Everyone should be familiar with the basics of cyber security, but not all employees need a complete cyber security education. HR professionals, for example, generally have access to sensitive data such as social security numbers and bank numbers, so they will need special training on how to safely handle that information. But to a new marketing team member who can’t even access those SSNs – that security training wouldn’t be applicable. Tailoring your cyber security education to specific jobs will help your employees stay engaged throughout the training – and hopefully remember and implement what was covered.
  2. Is your information understandable?
    The cyber security world is chalk full of jargon. To the average employee the words “Ransomware,” “DDoS,” “patch” and “worm” just don’t have any context when it comes to their job. Not only will they not understand you if you launch into cyber-speak, they might feel unintelligent, and just tune you out. Speak their language, not yours. A Forbes article also suggests keeping your cyber security training short; try a few quick 10-minute sessions instead of an hour-long training. If you break the training up, it will be easier to digest and remember.
  3. Have you told them WHAT TO DO with this information?
    The basics of cyber security are great, but make sure you are sharing how to implement the security measures. Do you want employees to go change their passwords? Tell them some good rules of thumb for creating strong ones. Do you want everyone to update software? Tell them about auto-updates and show them how they can set it up. Giving employees action items turns cyber security from an abstract idea into a goal they can work to achieve.
  4. Do your employees understand why it’s important?
    You know how costly security breaches can be. You know the consequences of employee negligence. So tell your employees. If they see how simple steps to improve their security can impact business operations, they’re more likely to take those steps. All of us are more likely to do something if we understand why we are supposed to be doing it. It won’t bring about 100% compliance, but it will help your employees to know you aren’t making demands just to make their lives more complicated – you’re asking for help in making a real difference in the business.
  5. Have you covered the basics?
    Everybody could use a refresher on the fundamental rules of cyber security. Even if a few employees do roll their eyes, chances are some of them have been using the same password for years – so they really should be hearing it again. In an interview with Fortune, the CEO of the Computing Technology Industry Association said, “Behavior changes really only happen through repetition, follow-up, and emphasis. It takes a long time to instill new habits.”

If we want to mitigate our employees’ risk, then we need to get serious about how we educate them about information security. If we honestly evaluate our cyber security training methods, we could probably all make some improvements. And that could make a real difference.

2023 Preparedness Checklist: Ensure Your Workforce Is Productive and Secure

This guide will help you understand where there are opportunities and risks in your workforce, and what you can do to make sure 2023 is as secure and productive as possible with workforce behavior analytics.

About the author

Veriato Team
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida.

Productivity & Insider Risk Resources

Bossware and the Future of Work

Bossware and the Future of Work

Recently, there has been considerable coverage of “bossware” and a focus on draconian types of “surveillance” some companies are using to stay on top of remote and flexible workforces. Articles claim companies are accessing the camera on laptops and tracking every...

The Myths and Truths of Employee Monitoring

The Myths and Truths of Employee Monitoring

Early in the pandemic, searches related to “how to monitor employees working from home” increased by 1,705%. Without the oversight of managers in an office setting, many companies are concerned that their employees are less productive, and that there is an increase...

When To be Suspicious About Work-From-Home Employees (or Not)

When To be Suspicious About Work-From-Home Employees (or Not)

Perhaps someone doesn’t answer a Slack message as quickly as they should, or they have long hours blocked on their calendar. Maybe someone doesn’t seem motivated during team meetings or they are slow to complete work. While research has shown that overall,...