
Why You Need to Make Security Awareness Training Mandatory

November 12, 2021 | September 19th, 2024

Fifty-five percent of organizations fail to educate their employees on cybersecurity trends. Due to such irresponsibility, companies are falling victim to social engineering, phishing and ransomware attacks. In most cases, these attacks can cost your business millions in downtime and lost resources, while severely damaging your reputation.

Here is some ammo to help you convince management that the training should be mandatory.

This is an email received in 2018 from a system admin, who sent it to all the users in his company (the names are changed to protect the innocent). In 2021 it is only getting worse, with massive ransomware attacks across the world.

From: Jonas
Sent: Monday, December 03, 2018 1:17 PM
To: ALL USERS
Subject: URGENT Information- I NEED YOUR HELP

Hello, Last week we had two incidents where $750,000 and $35,000 were stolen from the company by cybercrime. These amounts will most likely never be recovered. This should not have happened. These thefts occurred by allowing the bad guys into our network by what is called “Phishing”:

“the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.”
 
We have, in the past 6 months, identified 15% of the email users in our company falling for the fake emails and following links that require authentication of usernames and passwords.
 
After the incidents last week we identified 5 email user accounts that had been compromised by bad guys. In these accounts (one a branch manager, one a controller, one an engineer) the user ID and Passwords were given to the bad guys where they were able to intercept or send, unbeknownst to the company employee, emails with instructions to move company money for wire transfer or modify ACH accounts for payroll deposit and vendor payments.  
 
PLEASE, take this seriously! You would not let people into your house without knowing who they are and what they want. Email is the same. Don’t take the bait. We will be taking measures to make it more challenging for the bad guys to win. We will be making password updates more frequently along with other authentication processes.
 
You are our front line in this battle, not letting them into our systems, by being vigilant with the phishing schemes. If you are asked by our IT team to take training I expect you to do just that. Only 66% took the training when asked during our early September Phishing Test. 
 
If you would like more information regarding what you can do to ensure security with your accounts please contact Eric in our IT department, or reach out to me directly. 

Thank you for your HELP,
Jonas.
 
This is the type of email you probably don’t want to see from your manager or employer. Mandatory formal cybersecurity training is the essential step that will help your organization to achieve peace of mind and improve security.

Don’t delude yourself into thinking that this will never happen to you and your company. As we found out, 68% of identity theft victims don’t even know how the thief obtained their information in the first place, and 92% don’t know anything about the individual or group that stole from them.

 
CONCLUSION:

Security awareness training is essential for your new employees because hackers could be watching your LinkedIn or other online presence looking for easy targets. Phishing simulations should be mandatory and a part of the onboarding process. Run an ongoing employee security awareness training program to show how easy it is for someone to accidentally give up their credentials.

It’s not just IT who is responsible for cybersecurity, it’s everyone! 

 


 
