Why Security Awareness Training is the Most Important Tool in Your Cybersecurity Defense

When we hear the term “cybersecurity,” we tend to imagine un-crackable passwords, robust firewalls, biometric scanners, and teams of administrators continuously monitoring systems to ensure a network is healthy.

These are all very good things, and without them a network is indeed less secure. An un-hackable network, however, is worthless if your employees are themselves a security risk.

Simply put, no matter how secure and shored-up your network is, a single click can bring it all crashing down.

PHISHING — IT’S A PROBLEM BECAUSE IT WORKS

Security awareness training company Knowbe4 routinely conducts email phishing tests for its clients. During these tests, Knowbe4 sends a “bait” email to the client’s employees, complete with a link that, when clicked, tells the employee they fell for a phishing scam.

Luckily, these bait emails do the company no harm, but the tests prove one important thing: phishing works. In fact, 62% of the phishing simulations Knowbe4 sent to clients hooked at least one set of user credentials.

Here is how it works:

  1. The user is sent an email stating that their account (email, bank, social media, etc.) has been hacked and that they need to act now to change their password
  2. The email provides a link to a webpage asking the user to enter their current username and password, along with a field for a new password
  3. Once the user submits their credentials, the information is sent to the phisher, who can now sign in as that user

We all like to think we wouldn’t fall for something like this, but it happens quite frequently. Like everything else, phishing scams have grown more sophisticated over time. Rather than the usual “Your Facebook account was hacked, enter your password before your account is locked” email, attackers now put more time and effort into stealing credentials than ever before.

Perhaps one of the most common (and reliable) methods phishing emails use is to impersonate someone in a leadership or management role. Often these emails are marked urgent and carry a message akin to: “Our CRM was hacked, I need your credentials now so we can solve the issue.”

You know the kind: the email that makes your blood pump so hard you can hear it in your ears, the kind you rush to answer. And when we’re in a rush, we tend not to think. It is only after we’ve entered our credentials and had a second to breathe that we realize the mistake we’ve made. By then it is too late: the attacker holds a valid username and password and can sign in as a legitimate user, so no matter how much security your network has in place, the firewall never sees a break-in at all.
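The two lures described above (a “reset your password” link whose visible text and real destination disagree, and a message that borrows an executive’s display name while coming from an outside mailbox) are exactly what an automated triage check can catch before a rushed employee clicks. The following is an added example, not code from this article or from Knowbe4. It assumes a hypothetical company domain example.com, a hypothetical executive list, and two constructed sample messages; the registered_domain helper is a deliberate simplification of the public-suffix list.

```python
"""Triage checks for the two phishing patterns discussed in the article:
a link whose visible text and real href point at different domains, and a
known executive's display name paired with a mailbox that is not theirs.

Added example, not the article's or KnowBe4's code. Domain, executive list
and sample messages are constructed for illustration.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical organisation data (constructed for this example).
INTERNAL_DOMAINS = {"example.com"}
EXECUTIVES = {"jane doe": "jane.doe@example.com"}  # display name -> real mailbox


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Last two labels of a host name. A crude stand-in for the public-suffix
    list (wrong for co.uk-style suffixes); adequate for the .com case here."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_links(html):
    """Flag anchors whose displayed URL and real href disagree on domain, and
    hrefs on outside domains that echo our own domain name (lookalikes)."""
    findings = []
    collector = _LinkCollector()
    collector.feed(html)
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        shown = re.search(r"https?://([^/\s]+)", text)
        if shown and registered_domain(shown.group(1)) != registered_domain(host):
            findings.append(f"link text shows {shown.group(1)} but href goes to {host}")
        if registered_domain(host) not in INTERNAL_DOMAINS and any(
            d.split(".")[0] in host for d in INTERNAL_DOMAINS
        ):
            findings.append(f"lookalike of our domain in href: {host}")
    return findings


def check_sender(msg):
    """Flag an executive's display name used with an address that is not
    that executive's real mailbox (the "CRM was hacked" impersonation)."""
    name, addr = parseaddr(msg.get("From", ""))
    real = EXECUTIVES.get(name.strip().lower())
    if real and addr.lower() != real:
        return [f"display name {name!r} used with address {addr}"]
    return []


def triage(raw_message):
    """Run both checks over a single-part text/html message and return the
    list of findings; an empty list means nothing suspicious was found."""
    msg = message_from_string(raw_message)
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    return check_sender(msg) + check_links(body)


# Constructed sample: the urgent "I need your credentials now" lure.
PHISH = """\
From: Jane Doe <jane.doe@gmail-mail.com>
To: staff@example.com
Subject: URGENT: CRM was hacked, reset your password now
Content-Type: text/html

<p>Our CRM was hacked. Confirm your current password here:
<a href="http://example-com.login-reset.net/crm">https://crm.example.com/reset</a></p>
"""

# Constructed sample: the genuine notice the lure imitates.
LEGIT = """\
From: Jane Doe <jane.doe@example.com>
To: staff@example.com
Subject: Scheduled CRM password rotation
Content-Type: text/html

<p>Please rotate your password via
<a href="https://crm.example.com/reset">https://crm.example.com/reset</a>.</p>
"""

if __name__ == "__main__":
    for label, sample in (("phish", PHISH), ("legit", LEGIT)):
        print(label, triage(sample))
```

Running the script reports three findings for the constructed lure (the executive’s name on an outside mailbox, the displayed URL disagreeing with the real href, and the lookalike host) and none for the genuine notice. None of these checks replaces training: a lure that uses a compromised internal mailbox and a plain-text link passes all three, which is why the human reading the email still matters.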

HOW SECURITY AWARENESS CAN HELP

Security awareness training is the most effective method of preventing security breaches like those described above from happening in the first place. Since 60% of companies that experience a security breach cite employee negligence as the cause, it is actually more important than a good firewall, two-factor authentication, or any other security measure.

This is why it is so important not only to educate your employees about security risks, but to train them and continuously test them. This is where security awareness training providers come in: as mentioned above, companies like Knowbe4 send fake phishing emails to their clients’ employees, usually once a week.

This continuous testing keeps your employees on their toes. Since they know to expect at least one test phishing email per week, they look at every email with a critical eye and keep the possibility of a security breach at the forefront of their minds.

In addition to these real-world test scenarios, security awareness training services usually offer videos that introduce security best practices to employees and give guidance on how to interact with the business’s network securely. Because these videos are available on demand, employees can refer to up-to-date security guidance whenever they need it.

The best part is that security awareness training is not expensive; it usually costs a business about $5 per employee per month. If you’d like to learn more about cybersecurity and the risks businesses face, check out our blog post The 5 Most Common Security Risks for Enterprise Networks.

Patrick Judy
Patrick Judy is an IT Solutions Specialist who originally began working for Cobb in 2010 and, after a five-year stint in Raleigh, North Carolina, returned to Cobb’s managed IT development department. Patrick specializes in consulting with businesses to help grow and maintain their enterprise ecosystems, and when he’s not working, he’s snowboarding (in which he has over 20 years of experience) or spending time with his family.