Employees quite innocently email things to their personal accounts to work on over the weekend Work documents get stored on personal devices Employees use social media and create a public link between the personal and corporate brand Employees give out their corporate email address and re-use corporate passwords on websites that they use in their […]
Employees quite innocently email things to their personal accounts to work on over the weekend Work documents get stored on personal devices Employees use social media and create a public link between the personal and corporate brand Employees give out their corporate email address and re-use corporate passwords on websites that they use in their […]
- Employees quite innocently email things to their personal accounts to work on over the weekend
- Work documents get stored on personal devices
- Employees use social media and create a public link between the personal and corporate brand
- Employees give out their corporate email address and re-use corporate passwords on websites that they use in their personal time like newspapers, online retailers and others
- Families, particularly children or partners may share a computer with an employee
- Your employee could be blackmailed into giving access to a criminal or foreign government because of sensitive personal information that was stolen
Your employee may need to help their parents recover from a massive cyber fraud - Employees may need to help their young children avoid inappropriate content or deal with cyber bullying
Any of the above situations could result in a business being the victim of cyber crime, through an actual crime or the emotional impact on an employee.
The impact on your business if a cyber-crime is committed as a result of employee actions are;
- As a best case scenario, a quick investigation follows and the breach is contained. Your company may also only suffer limited brand damage and your employee may receive a warning
- At worst, there could be serious damage to your company’s brand, loss of revenue and clients, regulatory fines and dismissal of your employee. Also the emotional impact on your employee will undoubtedly be negative.
Why Companies Should Protect Employees from Cyber Crimes at home & work
- According to a 2016 cyber security spending report, companies are set to spend over $100 billion on cyber security products and services by 2020.
- While companies continue to focus their efforts on protecting technical assets, they struggle with protecting the people in their organisations.
- A 2016 breach survey by HM government highlights that companies are not doing enough when it comes to training their staff on cyber security. Only 62% of large organisations, 38% of medium and 22% of small companies train their staff on how to keep company information safe.
- What’s even worse is that companies typically are only concerned with protecting a person’s work persona and do not extend protective tools and services to people in their home lives.
Traditional Corporate Training is Ineffective
I’ve heard countless stories of staff who have been subjected to the usual corporate e-learning courses where they are forced to watch a training video or click through slides and take a quiz at the end. The best part is, it’s usually impossible to fail the quiz, you just keep answering the same 3 questions until you get them all right! Here are a few of the usual things we hear;
“Oh that e-learning course, I did it a few months ago and then forgot everything it told me”
“What’s an information security policy?”
“I just click next, next, next, next until I get to the end as quickly as possible.”
“I play the video then alt-tab and keep replying to emails.”
What these traditional approaches get wrong is they are not relevant enough to the individual doing the training.
To be cynical, why does someone care about doing security training at work? Like it or not, people care far more about themselves and their families than their work.
When you connect both the at work and at home personas, people realise how the two worlds are related.
Cyber Security Training as a Staff Benefit
Companies often struggle with data protection issues and do not want to be seen as overstepping their authority into someone’s home life. They want to avoid being seen as ‘Big Brother’ and as a result, people are left to fend for themselves at home.
This is why companies should consider a new approach to protecting people at home via a company provided cyber security benefit program.
The insurance world already provides a number of solutions for health and travel insurance, why not cyber?
By protecting the person at home, where there is an emotional connection to protecting themselves and their family, the staff member can bring these learnings with them into the workplace to the benefit of the company.
In the old world, only the company wins, with cyber training for people at home, everyone wins.
Andrew Martin, CEO, DynaRisk.com
andrew@dynarisk.com
Twitter: @DynaRisk