Last updated: 11.02.19

Cyber Security: How Do I Train My Employees?

Cyber crime is one of the biggest threats to modern businesses. It can cause significant disruption and damage, and where businesses have been lax with their security, it can even result in fines and other punishments. As a result, it’s important that all businesses have a good level of cyber security knowledge among employees. But how do you train them, and what do they need to know? Let’s take a look.

The Basics

Training employees in the basics of IT generally isn’t too difficult. You should make it part of the induction process, or, if your business is new to cyber security, you should set aside some time to go through the major issues with your employees, just like you would with any other training requirement. You don’t need specialist knowledge to get your head round the most basic principles of IT security, nor do you need an in depth and technical understanding to go through this with your employees. There are a few key things that everyone in the business needs to be aware of. They include the following:

Passwords - Passwords are still one of the most problematic aspects of cyber security, despite the fact that a great many people have used them throughout their working lives. Encourage your employees to use complex passwords, and not to use the same one twice. And if you have control, then set their systems to ensure that passwords have to be periodically refreshed to particular standards.

Data Backup - Malicious cyber activity can often be mitigated if you’ve got good backups. Instruct employees to keep a back up of important files and emails. Ideally, data should be kept both physically and in the cloud.

Phishing - Phishing refers to the practice of pretending to be a trustworthy source and requesting data. This can be in both email and website form, and unfortunately people still fall for the scam. Often, emails will look like they’re from a bank or other important service provider. Train your employees to spot these before they hand over any sensitive data.

Malware - Malware refers to any kind of malicious software, which includes things like viruses and ransomware. These can damage data, software and hardware, and significantly disrupt services. Make sure that your employees know what not to click on, and that they do not switch off or otherwise disrupt any cyber security software you’ve installed on machines.

IT Policy

Having a sound IT policy is hugely beneficial when trying to ensure you have a competent workforce, which is why it’s advised that all businesses have one, no matter how small or large. The IT policy doesn’t necessarily have to be overly complex - if you have just a few devices, pieces of software and users then it may only be a brief document, but it should nonetheless detail the important elements of cyber security. This way, your employees can use it as a reference whenever they’re unsure. Introductory training is great, but it’s always useful to have a written document.

What is important to note, is that you should ideally have this document written by someone who understands cyber security. We’ve explained that you can cover the basics with your employees, but if there are certain issues you’re not familiar with, such as the workings of you router’s firewall, then seek help from specialists with cyber security certifications.

Further Training and Resources

If you feel that you’re not able to give your employees the training they need to be effective at cyber security, whether because you have a larger number of staff, or you're not confident in your own knowledge, then it’s very important that you consider outside help. Cyber crime is such a significant threat that it isn’t worth the risk of having a workforce that isn’t competent. The age old saying of a chain is only as strong as its weakest link is very much applicable here; just one or two employees that are lax with passwords or are easily fooled into clicking on the wrong thing, can cause very significant impacts on a business. This is why everyone must be trained, and you need a record of this happening.

Fortunately, getting external help is not difficult. There are many training organisations available to help you. Here at Virtual College, we’re proud to be leaders in online training, and our cyber security courses are ideal if you feel your employees aren’t fully clued up. Our cyber security introduction course is ideal for this, or if you’d prefer to disseminate the information yourself, consider taking a course tailored towards managers.

Related resources