How To Handle Employee Cyber Security Training

If your employees’ financial and personal information is leaked to intruders, your company may lose a lot. Most employees in various companies have fallen victim to phishing scams, causing great losses to the company. Unfortunately, cyber attackers evolve as technology changes and make their attacks even more sophisticated.

To shield your company from attacks, you need to conduct a compromise assessment and assess where it’s more vulnerable. Setting up complicated systems to protect your business is great. But if your employees don’t know how to use the systems, you’ll still be vulnerable. That’s why every organization should give its employees basic cybersecurity training. That way, attacks that rely on social engineering and phishing scams will stay out of your business.

Here are some tactics for training your employees in cybersecurity:

1. Avoid Blame Games

When the news of a data breach gets into the ears of the company’s executives and other people, it’s easy to attach the fault to some employee who clicked the wrong link. Though it might be true that one of your employees may have fallen for an attacker’s trap, it isn’t advisable to blame them if they don’t have the right knowledge about such attacks. In fact, it may seem that the organization is dodging its responsibility of training employees on how to keep its data and networks secure.

Instead of blaming the employees, you should develop a plan that’ll ensure every worker has the knowledge they require to prevent attacks. You should also encourage them to ask questions and set up a department that can address their concerns.

Training isn’t only about collecting your employees in some class and lecturing them on best practices, but it could also be sharing with them new threats through SMSs and pinning informational notices on their noticeboards and offices. That way, they’ll keep interacting with the information and enhance their knowledge of cybersecurity threats.

2. Have A Budget For Employee Training

While SMSs and notices can help inform your employees about threats, you may need to conduct a training to explain how to handle some complicated threats. Cybersecurity requires constant maintenance because new attacks are created daily and monthly. Therefore, conducting monthly training can be ideal for updating them on such threats.

According to experienced IT experts, people working in your organization are assets that need continual investment. If you don’t patch them regularly, they’ll be vulnerable. That’s why when planning for your yearly budget, you should include employee training. Securing your systems and data is just as essential as marketing your products and services. So it would be best to treat employee training with seriousness as you would treat marketing.

Furthermore, you need to use many approaches to keep your staff on top of the trends. That may require a mindset shift: rather than viewing an employee who opened a wrong link, even after training, as a source of failure, recognize that your training and security structure needs updating.

3. Prioritize Cyber Security Awareness

Being on top of trends doesn’t prevent your company from experiencing data breaches. According to Cyber Security Hub, companies like Toyota, Walmart, and Dunkin’ Donuts have experienced attacks in the recent past despite having sophisticated security systems.

If you think that your small enterprise is safe, you need to be very worried because a 2018 cybersecurity report by Ponemon Institute revealed that about two-thirds of small businesses were attacked within a year. The only way to keep your systems secure is always to enlighten your employees about cybersecurity news. That way, they’ll understand the frequency and volume of attacks and be alert throughout the day.

Though getting your employees aware of current events is vital, you shouldn’t flood their inboxes with many emails that may be sent directly to the archives. Instead, you can attach cybersecurity information in the emails or reports news section that you can customize. Also, including messages in the links you send to your employees can help them stay updated.

4. Train Them On Password Best Practices

Having password best practices in your organization is one way of developing a robust security plan. The only problem you may face is convincing your workers to implement it.

Strong passwords should have the following qualities:

  • Be Long Enough: Lengthy passwords are difficult to crack. That’s why IT experts recommend that you set passwords with at least eight characters.
  • Have Many Character Sets: Every character set you add enhances the complexity of the password and makes it difficult to penetrate. That’s why your password should include lowercase letters, uppercase letters, symbols, and numerals.
  • Have Incomplete Words: There’s no doubt that common words are easier to remember. However, they make it very simple for an attacker to crack. So it’s advisable to use incomplete words.
  • Should Be Changed Often: If you keep on using the same password on many devices, it may be compromised. To avoid that, you should change your password at shorter intervals. Setting a reminder can help you know when to change your passwords.
  • Shouldn’t Be Shared Across Accounts: Using similar passwords across accounts can make it easy for an enterprising hacker to obtain your information and use it on other websites. Fortunately, there are sites where you can key in your email to know if your password has been compromised.

To ensure that all your employees have complied with password policies, you can use password managing tools. These tools will generate memorable but strong passwords for every account that your workers use. They’ll also simplify the process of sharing passwords and allow the employees to collaborate remotely.

As much as training your employees on password policies is vital, you also need to complement their knowledge with other data protection policies. Don’t assume that they know and understand them, but remind them regularly through refresher courses.

That way, they’ll always be updated on policies and rules that they need to follow. Every time you hire a new employee, you should tell them about data protection regulations and inform them about the company’s cybersecurity policies.

Final Words

You can’t prevent cyber attackers from targeting your company’s systems, but you can try as best as you can to shield them. Training your employees on best practices can help you to minimize the chances of cybercrime immensely. Their knowledge of cybersecurity threats can make your company secure or a vulnerable target.

Why Employee Training Is A Wise Investment For Your Business

Businesses can only thrive when they benefit from regular and targeted investment. There will be many areas of potential investment including physical infrastructure, consumables and professional services that all compete for a limited budget. Whilst employee recruitment is usually viewed as a legitimate area for investment, employee training has traditionally been overlooked and often comes at the bottom of spending priorities.

This is a mistake but there is more bad news. When business owners are looking to make savings in their outgoings, employee training is usually the first budget to be slashed because it is an easy target. This short-term view is not what is best for your business going forward and could be highly damaging. There are many compelling reasons why you should target your investment at employee training.

This may require a shift in attitude. You need to start viewing employee training as a way to make you more money rather than a waste of money. It is a long-term investment that will pay you great dividends in the future.

Why you need to take employee training seriously

Your employees are one of your greatest assets. You have made a lot of effort to recruit the right people for the job. The recruitment process is costly in both time and money. If you do not look after the employees that you have recruited then this has been a waste of time and resources.

If your business is to thrive, it is essential that you manage your workforce effectively. This is a lot more than ensuring that they turn up on time and that they stay as long as they are meant to. You need to make sure that you are making the most of them whilst they are at work. An experienced and well-trained employee could be your greatest business asset.

Human resources management is all about striking a balance between encouragement, rewards, and sanctions. It is also about developing each employee as an individual and nurturing them so that they can feel fulfilled and make the best contribution to your enterprise. On-going training is a vital element of this. It is viewed by employees as a reward because it has benefits for them as well as your business. It renews interest in their task and keeps them engaged with your operation. They will also enjoy being viewed as an authority in a particular area. Rather than relegating it to the bottom of the pile, you should place employee training at the center of how you manage your employees.

An employee that is trained in all the latest skills and techniques and who is provided with the latest knowledge will be able to complete their job more effectively. They are also more efficient so they get the job done faster using fewer resources. This is good for your cash-flow.

Trained employees are happier and feel more highly motivated at work so productivity is increased. Business research shows that employee training correlates with increased job satisfaction and higher morale. The workplace becomes a happier and more productive place and profits increase. It also means that employees are more likely to stay in their job and your staff retention is improved. Ultimately, this saves you money.

If your employees are using outdated techniques, technology, and modalities then they could be harming your business. It is time for a change in attitude towards employee training. You are leading a team and you should want that team to be the best that it can be.

Areas for employee training

Some employee training will need to be targeted at the specific role that they play in your organization. Training does not mean that employees need to leave the workplace to take advantage of it as there are many courses provided online these days.

If your business operates in the retail sector, you should invest in sales technique training. This will equip your sales team with the latest techniques for converting visitors into paying customers and even into repeat customers. If your business is associated with technology then you need to provide training on the latest technological developments – see programs relating to technology. Information technology skills are highly relevant to any business. Once the training is complete you could designate one employee as your IT expert. This will mean that you do not have to rely on an external organisation to provide your IT support and it could save you a huge amount of money. As an employee who is on site all the time, they will be able to spot problems before they occur and will understand how your business systems operate.

Training in cyber security is increasingly important for all of today’s businesses. Every business is a potential target for such an attack and the only way to effectively protect the business is to train employees in what they must do to prevent it.

If you operate in a specialized sector such as the provision of services to children, it makes sense to train employees in the area of child development and learning – see programs relating to early age education. You can provide your employees with courses such as Child Development, Assessment, Observation, and Intervention and Exploring the Principles of Education. Typically, the training programs focus on how to create healthy environments that encourage and stimulate children. This would provide valuable insights for your business.

Generic training for all employees

There are some areas where all employees need to be trained and health and safety training is one of these. It is an area that is often neglected but is essential in all work premises. As an employer, you have a duty to protect the health, safety, and welfare of your employees and training is a big part of that.

You cannot ask an employee to carry out a task without providing them with the appropriate training. If you do not do that, you are putting them and everyone around them at risk. Health and safety training could include any of the following:

  • Training in how to carry out a particular job. Every time you require an employee to carry out a job, you must ensure that they have been trained in how to do it safely. This includes training them in a safe system of work, how to spot hazards and what to do if something goes wrong.
  • Training in how to use equipment. When you require an employee to use a particular piece of equipment you must ensure that they are trained in how to use it safely. That includes how to use any safety features that the equipment is provided with and if there are any checks that need to be carried out before the equipment is used.
  • Training in how to use personal protective equipment. If your employees have to use some sort of personal protective equipment (such as ear defenders or breathing apparatus) they must be trained in how to use it correctly. It is not sufficient to simply provide the equipment because if it is not used properly it will not offer the protection that it has been designed to provide.
  • Training in spotting and reporting hazards. You cannot be everywhere in your business at the same time and so it is essential that every employee knows how to spot potential hazards. They are your eyes and ears throughout the organisation. They also need to know who they should report it to and how they should do that.

First aid training is useful for all employees and some workplaces are required to have a trained first aider on site. Employees with first aid training have saved thousands of lives in workplaces up and down the country. There are several different levels of first aid training ranging from simple first aid to CPR and serious incident management.

Training must be an ongoing activity

It is a mistake to view employee training as a one-off provision. It is actually something that needs to be kept under continual review. There are always new courses and new opportunities that you can take advantage of. You need to be continually assessing who needs training and what training it would be best to provide them with.

One approach that works well is to integrate an assessment of training needs into your staff appraisal so that employees are actively involved in identifying what they need. The findings could be reported back as part of an annual review so that you can work out your budget requirements.

If you are not sure of the latest training courses in your particular industry you can check these out on trade organisation websites and journals. However, don’t be afraid to think outside the box. A training course from an entirely different sector may bring the innovation that your business needs.

Finally, it is not just your employees that need training. As the business owner, you owe it to yourself to keep up to date with the latest developments. You may enjoy learning more than you thought you would!

Training vs. Learning: Do you want to train? Or have someone learn?

Training successfully educates only those who are predisposed to the new material. Others may endeavor to learn during class but may not permanently adopt it. The problem isn’t the value of information or the eagerness of the learner: It’s a problem with both the training model itself and the way learners learn. It’s a systems/change problem.

How We Learn

We all operate out of unique, internal systems comprised of mental models (rules, beliefs, history etc.) that form the foundation of who we are and determine our choices, behaviors and habits. Our behaviors are the vehicles that represent these internal systems – our beliefs in action, if you will. So as a Buddhist I wouldn’t learn to shoot a gun, but if someone were to try to kill my family I’d shift the hierarchy of my beliefs to put ‘family’ above ‘Buddhist’ and ‘shooting a gun’ might be within the realm of possibility.

Because anything new is a threat to our habitual and carefully (unconsciously) organized internal system (part of our limbic brain), we instinctively defend ourselves against anything ‘foreign’ that might seek to enter. For real change (like learning something new) to occur, our system must buy-in to the new or it will be automatically resisted. It similarly affects selling/buying, coaching/clients, doctors/patients, leaders/followers.

A training program potentially generates obstacles, such as when

  • learners are happy with their habitual behaviors and don’t seek anything new,
  • fear they might lose their historic competency,
  • the new material unconsciously opposes long-held beliefs.

We are programmed to maintain our status quo and resist anything new unless our beliefs/mental models recognize that the new material will align with our status quo regardless of the efficacy of the required change.

How We Train

The training model assumes that if new material

  • is recognized as important, rational, and useful,
  • is offered in a logical, informative, interesting way,
  • allows time for experience and practice,

it will become accepted and habituated. But these assumptions are faulty. At an unconscious level, this model attempts to push something foreign into a closed system (our status quo): it might be adopted briefly, but if it opposes our habituated norm, it will show up as a threat and be resisted. This is the same problem faced when sellers attempt to place a new solution, or doctors attempt to change the habits of ill patients. It has little to do with the new, and everything to do with change management.

Truly experiential learning has a higher probability of being adopted because it uses the experience – like walking on coals, doing trust-falls with team members – to shift the underlying beliefs where the change takes place. Until or unless there is a belief change, and the underlying system is ready, willing, and able to adopt the new material into the accepted status quo, the change will not be permanent.

One of the unfortunate assumptions of the training field is that the teach/experience/practice model is effective and if learning doesn’t take place it’s the fault of the learner (much like sellers think the buyer is the problem, coaches think clients are the problem, and Listeners think Speakers are the problem). Effective training must change beliefs first.

Learning Facilitation

To avoid resistance and support adoption, training must enable

  1. buy-in from the belief/system status;
  2. the system to discover its own areas of lack and create an acceptable opening for change

before the new material is offered.

I had a problem to resolve when designing my first Buying Facilitation® training program in 1983. Because my content ran counter to an industry norm (sales), I had to help learners overcome a set of standardized beliefs and accepted processes endemic to the field. Learners would have to first recognize that their habitual skills were insufficient and higher success ratios were possible by adding (not necessarily subtracting) new ones. I called my training design Learning Facilitation and have used this model successfully for decades. (See my paper in The 2003 Annual: Volume 1 Training [Jossey-Bass/Pfeiffer]: “Designing Curricula for Learning Environments Using a Facilitative Teaching Approach to Empower Learners” pp 263-272).

Briefly: Day 1 helps learners recognize the components of their unconscious status quo while identifying skills necessary for greater excellence: specifically, what they do that works and what they do that doesn’t work, and how their current skills match up with their unique definition of excellence within the course parameters. Day 2 enables learners to identify skills that would supplement their current skills to choose excellence at will, and tests for, and manages, acceptance and resistance. Only then do new behaviors get introduced and practiced.

Course material is designed with ‘learning’ in mind (rather than content sharing/behavior change), and looks quite different from conventional training. For example Day 1 uses no desks, no notes, and no lectures. I teach learners how to enlist their unconscious to facilitate buy-in for new material.

Whether it’s my training model or your own, just ask yourself: Do you want to train? Or have someone learn? They are two different activities.


About the Author

Sharon Drew Morgen is a visionary, original thinker, and thought leader in change management and decision facilitation. She works as a coach, trainer, speaker, and consultant, and has authored 9 books including the NYTimes Business Bestseller Selling with Integrity. Morgen developed the Buying Facilitation® method (www.sharondrewmorgen.com) in 1985 to facilitate change decisions, notably to help buyers buy and help leaders and coaches effect permanent change. Her newest book What? www.didihearyou.com explains how to close the gap between what’s said and what’s heard. She can be reached at [email protected]