

4th March, 2021

How to approach teaching staff about online security

Online security isn’t an easy topic to bring staff up to speed with, but it’s of vital importance you do – for your sake, theirs and the sake of your customers.

As we enter a brave new world of permanent remote working, with businesses powered primarily by the cloud and freelancers relying on versatile working arrangements to get by, there are more cyber threats being posed than ever before.

It’s not enough to stick up a poster about the dangers of the internet or hope your insurance covers the damages — you need to proactively make sure your team is up to date on the latest cybersecurity news and ready to stop threats to your business. Easier said than done though, right? Your staff may be pretty competent with a laptop, but do they know the first thing about malware?

If you’re struggling to get across the seriousness of cybersecurity to your staff, here is a handy guide as to how to approach the issue and what to cover.

Step 1: Outline common threats

First and foremost, you need to let everyone in your business know what threats are out there.

If your employees can’t recognise potential hazards, how do you expect them to be able to avoid them? By not educating the people you work with, you’re setting yourself up to look foolish and potentially risking losing morale (among other things) in the office.

From managers to the newest starter, you need to outline the most common threats faced by all businesses and those in your particular industry — especially if your company is a heavily digital one.

This can be achieved by producing well-thought-out internal content (think infographics rather than walls of text) and including guidance in the onboarding welcome package you make available to new staff. That way, no one in the business can complain they didn’t know of common threats, and the importance of understanding them is ingrained early.

On that note, common cyber security threats to cover include:

  • Phishing attacks: One of the most common forms of cybercrime. Phishing schemes have a long history of adaptability and success. They’re most commonly seen in the form of fraudulent communication (such as staff emails). This communication will contain harmful links and downloads disguised as important work or instructions, with the aim of gaining access to key details and passwords. In the age of COVID, these schemes have evolved to mimic Zoom call invites.
  • Malware: A term that covers malicious software — including viruses, ransomware and spyware. It breaches vulnerable networks through means of dangerous links or downloads before installing risky software with the aim of immobilizing the network or device, obtaining sensitive data from the hard drive, or holding the device to ransom.
  • Man-in-the-middle: Also known as eavesdropping attacks. These occur through attackers inserting themselves into a two-party transaction — such as a purchase on an ecommerce store. When they interrupt they can steal access to sensitive data. These commonly occur on unsecured public Wi-Fi networks or when malware has breached a device.

Step 2: Set them up for success with the right tech tools

It’s all well and good teaching your staff about the dangers of cyberattacks and how to notice them, but without the right tools to combat them they’ll be fighting an uphill battle.

So many cyberattacks and the thwarting of them go unnoticed. Rather than an army protecting a castle, you should be looking to produce an automated defense taking place in the background.

However, there will be instances in which your team will have to use good judgment and powerful tools to combat potential attacks — especially when working remotely.

You should make sure both your office and anywhere your remote teams are working have access to a secured Wi-Fi network. Coffee shop Wi-Fi simply won’t do; everyone needs to be on the same page, doing these daily tasks from a protected network.

If you are working remotely and your staff are unsure about the security of their home connection, don’t be afraid to shore up their options — it’s a much smaller price to pay than trying to rebuild the business after a significant attack.

Likewise, tools such as a free VPN and firewalls can be used to further protect your business in the background. Firewalls will protect your business from incoming threats, operating largely in the background.

But if you want an added layer of security, consider letting your staff download a free VPN of their choice for a more protected browsing experience. PKI services can also make sure your colleagues are communicating through encrypted email servers, further protecting your private company conversations.

These tools have outside uses, but they also provide peace of mind and reinforce familiarity with cybersecurity.

Step 3: Conduct regular assessments

With knowledge of cybercrime being so crucial to so many businesses, and often so far above people’s technical knowledge, you would be foolish to think everyone in the team could remember it after one lesson. This content needs to be consistently followed up on to hammer home the fine details and seriousness of the message.

That is achieved not through lectures or follow-up emails, but further training sessions.

Hold refresher classes for your entire team, directly covering the topics that pop up more commonly in your business. Tailoring it to their personal experience is a crucial step in making this information easier to remember.

However, there must be room for people to make mistakes. Create an environment where people will ask questions. Otherwise, you’ll have members of your team feigning knowledge they’ll eventually get caught out on — with potentially devastating consequences for the business at large.

These assessments can be time-consuming, but they’ll also equip you with a workforce more prepared for potential attacks than 99 percent of businesses in the world.


It’s very easy not to take online security seriously. Whether you’re caught up in the excitement of starting a new tech business or so stuck in your ways you ignore the need for a digital security blanket, you’re putting your livelihood in danger by not being more proactive.

Follow these simple steps and make decisions unique to your business to stay ahead of the curve and out of the reach of digital criminals.