TOPYX LMS Blog | Learning Management Insights and News

Employee Training in Cybersecurity: 4 Tips and Techniques

Written by Simon Cooper | October 21, 2021

Today’s cybersecurity landscape is grim. This is due in large part to the COVID-19 pandemic, which has made organizations more vulnerable to cyber attacks. 

“Recent trends, side effects of a global pandemic and cybersecurity statistics reveal a huge increase in hacked and breached data from sources that are increasingly common in the workplace, like mobile and IoT devices,” explained the Varonis blog.1 “On top of this, COVID-19 has ramped up remote workforces, making inroads for cyber attacks.” 

As a result of the pandemic, the rate of cyber attacks has skyrocketed. For example, the Retarus corporate blog explained that Google has registered an excess of 2 million phishing sites as of January 2021.2 “...this is up from 1.7 million in January 2020, which equates to a 27% increase in 12 months,” the source stated. 

Here are some other recent cybersecurity statistics, reported by TitanFile3


These statistics shouldn’t scare organizational leaders. Instead, they should push them to take steps to keep cyber attacks to a minimum. “The alarming cybersecurity statistics for 2021 and beyond are a call to action for all company leaders around the world to take risk management more seriously,” the article Alarming Cybersecurity Statistics for 2021 and the Future stated.4 

One of the most effective actions organizational leaders can take to prevent and mitigate cyber attacks is to provide cybersecurity training for end users (i.e., non-IT employees).  

Fight Cyber Attacks with End-User Cybersecurity Training 

Training end-user employees in cybersecurity protocols is the most powerful tool companies have against cyber crime. Why? Because human error is a huge risk to an organization’s information security, explained Compudata: 

“When you create (end-user) security training and teach cybersecurity awareness you are reducing your risks. It’s important to educate employees on the importance of protecting sensitive information and what malicious threats to look out for.”5

Preventing many cyber attacks can be as simple as providing a few hours of basic cybersecurity training to your end-user employees. However, creating cybersecurity training for end users may seem overwhelming to organizational leaders who are putting all their energy into navigating the pandemic successfully. With a few tips, leaders can provide non-IT workers with essential cybersecurity training more easily. 

Keep Learning: “Why You Should Create a BYOD Culture for Your Employees (and How to Do It)

4 Tips for Training Non-IT Employees in Good Cybersecurity Practices

With hackers growing in scale and skill each month, it’s important to develop strategies to combat a breach in your company’s systems. Here are a few tips for creating and deploying basic cybersecurity training across your organization as soon as possible:

Tip #1 – Educate employees about social engineering scams

Social engineering scams are often difficult to detect. Hackers design graphics to appear normal so that people click without thinking twice. Since one click can give someone with malicious intent access to an entire network, end-user employees should be instructed to: 

  1. a) Never click on an unknown or suspicious link while using a corporate device, or any device connected to your company’s learning management system (LMS) or other learning platform. 
  2. b) Never answer questions from an unknown person, even if they say they are an employee, over the phone about the company.

Kaspersky Lab said end users should “Physically unplug their machine from the network (if suspicious activity is detected).”6 They should also let their manager know about any suspicious emails, unusual activity, or lost mobile devices. “If they can’t find their emergency IT number in 20 seconds or less, they should start memorizing...” 

In addition to training end users in how to recognize social engineering scams and avoid getting drawn into them, you should also provide training in best practices for passwords. 

 

Tip #2 – Make end users aware of best practices for passwords

There is real danger that comes with failing to create strong passwords at work as weak passwords cause networks to be susceptible to data breaches. In fact, hackers have stolen at least 555 million passwords and published them on the dark web since 2017, reported CNet Tech.7  

Safe password creation should be part of basic cybersecurity training for end users. When putting together your cybersecurity training program, suggest the following best practices for creating passwords:

  • Use a different password for each site you visit while on the company network.  
  • Employ the use of two-factor authentication when possible. 
  • Do not share your password with anyone, even a close family member. 
  • Do not enable browsers to remember your passwords/automatically enter them for you. 
  • Make logging off a habit. 

Also, it is vital that passwords be longer than eight characters. “Strong passwords are longer than eight characters, are hard to guess and contain a variety of characters, numbers and special symbols,” wrote CNet Tech.

Tip #3 – Ban potentially dangerous downloads

 

Sometimes, downloading something as innocent as a screensaver can compromise company data. When creating cybersecurity training for end users, encourage employees to never download a screensaver on the company network. Enforce this rule by restricting screensavers to the default options available on the most current version of Windows. 

Screensavers aren’t the only potentially dangerous download end users should steer clear of. Microsoft Office documents can be just as threatening. The Kaspersky Daily blog explained, 

“Microsoft Office files, especially Word documents (DOC, DOCX), Excel spreadsheets (XLS, XLSX, XLSM), presentations, and templates, are also popular with cybercriminals. These files can contain embedded macros — small programs that run inside the file. Cybercriminals use macros as scripts for downloading malware.”

The blog noted these attachments commonly target office workers and are disguised as bills, contracts, tax notifications, and other urgent messages from those supposedly in management positions. Educate end users about the threat of downloading these Microsoft Office files and ensure they know what a safe file looks like, as well as an unsafe file.  

Tip #4 – Have end users keep physical materials secure, such as notebooks containing passwords

It’s easy to get into the habit of leaving notebooks containing important data out at the end of a work day. This is a bad practice as it can give unauthorized users access to passwords and online information. Symantec stated, “All notebooks should be secured after business hours in a cabinet, in a docking station or with a cable lock.”10

It’s fine for end users to store passwords in a notebook. However, it could be easier and more secure for them to simply use a password manager. “A password manager, also called a password vault, is a software application that stores and organizes your usernames and passwords,” stated an article by Norton.11 “Some password managers even have the capability to generate complex passwords unique to each of your online accounts. A password manager also provides strong encryption. All you need to do is remember one master password to unlock them all.”

If you choose to allow the use of a password manager, be sure end users know which password managers are approved by the company.

Related Reading: “3 Tips to Promote Work-From-Home Success During the Coronavirus Pandemic

Deliver Cybersecurity Training to End Users with an LMS 

Cyber attacks are at an all-time high. Statistically, they will increase. Providing basic cybersecurity training for end users will help protect your company’s sensitive data from being compromised.

The best way to deliver cybersecurity training for end users is through a learning management system (LMS). An LMS makes it possible for employees to securely access end-user cybersecurity training on their personal mobile devices and/or company devices. If you choose to buy cybersecurity training from a third-party vendor, you can easily upload it into your LMS and deliver it to employees.

Looking for a secure LMS that will meet all of your employees’ training needs, including the need for cybersecurity training? If so, request a free LMS demo of TOPYX. TOPYX LMS is a full-featured social learning management system that can keep your workers updated on best practices for cybersecurity and help protect your company from cyber attacks in unstable times like these. 

References: