7 Reasons to Offer Corporate Cyber Security Training by David McCullough, on March 21, 2018 Cybercrime costs continue to increase, and now costs organizations an average of $11.7 million. In 2017, headlines were dominated by major cybersecurity hacks, threats, and breaches. From the WannaCry attack unleashed by North Korea to the Equifax hack, businesses are more vulnerable than ever before when it comes to cybersecurity. One thing is clear: Businesses hoping to keep their data safe will need to invest in corporate cyber security training. Here are 7 reasons why you may need to train your employees ASAP: 1. Artificial Intelligence and Machine Learning AI and machine learning have already impacted businesses in numerous ways, from greater innovation to more efficient business processes. But this technology is both a positive and a negative when it comes to cyber security. Almost every industry has already invested in AI. But the increasing use of this technology means that criminals will soon be using it to attack company networks. Experts from McAfee have predicted that these criminals will use machine learning to disrupt detection models, learn from the current defensive responses, and continually attack servers. Without solid cyber security training, cybercriminals will be able to exploit company vulnerabilities much faster than defenders will be able to patch them. 2. Ransomware Ransomware has been a massive issue over the past few years. This is when criminals hack your servers, locking up your systems and files, and demanding payment to get it back. We've already seen an example of this earlier this year. In Indiana, Hancock Regional Hospital was hit by an attack that affected operating systems, health records, and email. Hackers requested (and were ultimately paid) four bitcoins. The bitcoins totaled approximately $55,000. Businesses can expect these attacks to become more sophisticated and prevalent. That's why it's crucial that you invest in corporate cyber security training. This will ensure that your employees know what steps to take in the event that you're attacked and how to shut down key systems. 3. Internal Threats Even if businesses have invested in state-of-the-art technology, it doesn't protect them from threats from within. Employees may be malicious, negligent, or just make a mistake. They may download a bad email attachment, click on the wrong link, or fail to pay attention to what they're doing on their network-connected phone. Employees actions can quickly and easily lead to a compromised network, even if you're using the best technology as protection. This is why it's crucial that employees understand the risks they may face. If employees are unable to recognize threats, they can't defend themselves against them. 4. Personal Devices While many businesses are now embracing BYOD policies, these can be a security liability. These policies are popular because they allow companies to improve employee productivity while lowering costs. However, one recent survey found that 70% of respondents used their personal electronic devices to access company systems. But only 39% of the businesses had any formal BYOD policies in place. And less than 50% had received any security instructions regarding how they could use their devices. Cyber security training will teach your employees what they can and can't do with their devices. That means you'll get the benefits of BYOD, without the security problems. 5. Changing Threat Landscape Unfortunately, the threats to cyber security are continually changing. And many of them are designed to exploit the human element. This includes social engineering attacks. While email phishing and spam rates have been on the decrease, manually shared social media scams have increased by almost 80% in the same amount of time. Since the threat landscape is continually changing, what employees learn at one cyber security training could no longer be relevant six months or a year down the line. That's why ongoing training is crucial to ensure employees don't become complacent. 6. Regulations Depending on the nature of your business, you may already be legally obligated to provide your employees with cyber security training. The scope and frequency of these requirements will vary, so you may need to consult with an expert in your industry to create the best curriculum. If your company falls under Sarbanes-Oxley, HIPPA, PCI, or GLBA you'll definitely need to be training your employees in security awareness. Some of the other organizations that will have mandatory requirements for cyber security training include: • Financial institutions • Publicly traded businesses • Healthcare organizations • U.S Federal agencies 7. A Lack of Understanding Your employees may have a high-level understanding of why cyber security is important, but they may not understand how their tasks are impacted on a day-to-day level. In order for your business to defend itself from threats, your employees need to live and breathe a culture of cyber security. When you provide your employees with cyber security training, they understand the seriousness of the threat. They'll be put through their paces and will run simulations, so they understand what steps should be immediately taken when they're confronted by a threat. When employees are prepared, they're confident and will act quickly when necessary. And they'll help keep your business safe. Ready for Cyber Security Training? If you own a small business, you may assume that you'll be too small to target. After all, we're continually hearing about massive companies getting hacked. But cybercriminals are increasingly targeting small businesses due to their more relaxed cyber security measures. Put simply, these criminals are hoping that someone has left the back door to your business unlocked. It's more important than ever that you have a solid cyber security strategy. And cyber security training should be a massive part of this strategy. Without training, your employees can't be expected to know how to defend your business from these threats. Need to arrange training for your employees? Message us today to learn how we can help. David McCullough David McCullough serves as the Chief Administrative Officer for LandrumHR. Prior to joining LandrumHR in 2017, David spent twenty five years in the technology, PEO and staffing industries with roles in sales, operations, client relations and executive management. David is active in many nonprofit organizations and is a founding member of the Atlanta chapter of Georgetown University’s Woodstock Business Conference. He also acts as a board member of the Catholic Charities Atlanta Leadership Class. David holds a B.S. and M.Ed. from Auburn University. He resides in Atlanta, GA with his wife and three children. View more blogs by David McCullough 1 Related Articles Theft is Rampant in the Workplace - Yes, Yours Too! 5 Important Facts About Employer Background Checks 5 Easy Ways Employers Can Protect Themselves from Cyber Threats Employee Engagement is More Than Just Perks Importance of Corporate Non-Disclosures in 2018