Cybersecurity training basics: Password best practices & phishing identification

As a business, you know the importance of ensuring that your data is safe from the prying eyes of cybercriminals. While anti malware software programs and firewalls are essential to doing this, another important element is, training your employees to identify the traps laid by cybercriminals. This blog offers a list of what you should cover in cybersecurity awareness training.

Password best practices

This should be number one on your list. The easiest way to steal your data is by stealing your password. Hence, you should educate your employees on password best practices. They should know

  • Not to share passwords
  • How to share passwords safely (if at all it has to be done)
  • How to set strong passwords
  • The importance of changing passwords often
  • Your organization’s rules regarding passwords, i.e.. your password policy and associated penalties/actions that will be taken if they fail to adhere to it

You could also invest in a password tool, which will help you enforce your password policy better.

Phishing

Train your employees to identify phishing attempts. Phishing is when cybercriminals pose as someone trustworthy and attempt to steal data. Studies show that the number one reason businesses become victims of cybercrime is because their employees fail to recognize a phishing attempt. For example, an email may be disguised to look as though it came from a coworker or vendor, or even a government agency such as the IRS, and may contain a request for sensitive information. Some may have attachments that the receiver may open unknowingly and end up infecting the whole network with malware. Though anti-malware software programs generally identify such communications and either mark them as spam or issue warnings when the receiver tries to open them or download the attachment, training your employees to recognize phishing attempts is very important, because even a single email that slips through the crack can result in a huge disaster.

Remember, this is not a one-time thing. Cybercriminals are always at work, devising new strategies to steal your data. You need to train new employees as they join your organization and update your existing employees with any new cybercrime modus operandi. You can offload this task to an experienced managed service provider who specializes in cybersecurity. Being a part of the industry, they would generally be up-to-date with the latest risks and advise you and your team accordingly.