Cybersecurity incidents can be a huge problem for businesses and individuals. Hackers using malware to steal data is often the scenario that people think about. However, research suggests that human error is as much to blame as hackers.
Research from the National Cybersecurity Center (NCC) shows the majority of security attacks stem from human error. The non-profit organization works closely with businesses to prevent cyber attacks. They stated that common sense practices need to be a priority at companies.
Link Risks to the Real World
Jonathan Steenland, COO of the NCC says companies need to link security risks to real-world scenarios. Employees cannot always understand how the loss of data equates to millions of dollars.
If employers can relate threats to personal data or an employees bank account, it can make the scenario easier to understand.
Make Training Easier
Steenland also thinks security training should be easier to understand. If the training could be delivered by the marketing team, he feels that it could be made more relatable and easier to digest.
While IT training delivers the information necessary, it uses too much jargon for many to understand.
Another suggestion is that companies let employees know tests will happen. Regular phishing tests or unauthorized visitors will show the company how the training is working.
Testing will also allow the company to see where weak points are and address them before an attack. Incentives could also be used to encourage staff to challenge visitors and report suspicious activity.
Add a Human Element
When training is delivered, it often addresses the technical side of the issues. By expanding the problems with a human element, employees can see the effect it has on people.
Trainers should mention how data loss affects a customers credit rating, or the need to change bank passwords and loss of money. This makes the employees think about more than the threat itself.
The NCC believes better training for staff and greater understanding of the problems is key.