Are your employees savvy enough about potential cybersecurity risks to use the Internet safely? How about being able to identify phishing threats or protect data?
Those are among the cybersecurity topics that employees from a variety of industries often answered incorrectly, according to an audit from cyber tech provider Proofpoint. Employees who had undergone security training were asked questions on 14 cybersecurity topics, including their understanding of unintentional and malicious insider threats.
Cybersecurity training must cover these topics regularly if employers hope to change workers' behavior, Proofpoint said in its fifth annual State of the Phish 2019 report.
SHRM Online collected the following articles from its archives and other trusted news outlets on this topic.
Employees Flub on 1 in 5 Cyber Training Questions
A recent security awareness audit concluded that workers who take security training choose the right answers to cybersecurity questions only 78 percent of the time. The findings are based on an analysis of questions Proofpoint asked its customers across a variety of industries.
That's not good enough. Organizations need to educate their workers to bolster their understanding of cybersecurity risks and issues, according to Proofpoint.
As cyber attackers increasingly focus their attention on people, not technical defenses, organizations should take a people-centric approach to cybersecurity, the company says in its State of the Phish report.
5 Top Cybersecurity Concerns for HR in 2019
Security experts say there are a number of data security issues that human resource information technology leaders should pay close attention to this year. Here are their tips for minimizing risk.
The Growth of Ransomware Extortion Demands
Ransomware is becoming an increasingly common cause of cyber loss for businesses, according to the NAS Insurance 2019 Cyber Claims Digest. Findings are based on an analysis of 2018 claims data.
And costs go much further than just the ransom payment. Technical and legal expenses associated with negotiating and paying the ransom can triple or quadruple the cost of resolving the issue. It's not uncommon for expenses to go beyond $70,000.
(Insurance Business Magazine)
Viewpoint: Are Your Employees Really Engaging with Security Awareness Training?
Does your organization have a formal security awareness and training program? I'm constantly surprised at how often the answer is an awkward and uncomfortable "no." Implicit in the awkwardness is the recognition that such a program is a critical piece of a strong security strategy. Without awareness and training, it's likely that security will not be front of mind for your end users—but that doesn't mean that organizations with formal programs are effectively engaging their employees.
Five Strategies to Get Employee Buy-In For Security Awareness Training
Last year, the FBI reported a staggering $12.5 billion has been lost due to e-mail fraud, underscoring the critical risk that exists each time employees open their inboxes. A single weaponized e-mail could lead to a substantial data breach or financial loss.
But how can HR teams secure employee buy-in for cybersecurity best practices, while avoiding training burnout? The answer is empowerment.