The gap between employee awareness and execution
Cybersecurity awareness is not a simple “check-the-box” exercise for employees
At a time when countless workers are using mobile devices to access corporate networks and data, and many people are working from remote locations, virtually any employee can represent a potential target of attack.
Employees should be trained on the basics of information security, beginning with the initial job orientation program they attend. In addition, they should be given up-to-date information about the latest security threats, such as ransomware and phishing, as well as the preventive measures put in place by the organization to address such threats.
One of the established keys to ensuring strong security is employee awareness of the various threats and vulnerabilities. However, a recent cybersecurity report by AT&T finds that “despite widespread acknowledgement that employee awareness is critical, there’s still a big gap in execution.”
Few businesses need to be as vigilant when it comes to cybersecurity as banks and financial services firms. Because of the huge volumes of data related to monetary transactions, they remain prime targets for hackers and other cyber-criminals. According to the AT&T report, while 61% of all organizations surveyed require across-the-board cybersecurity training, only 56% of respondents in banking and finance say they require such training.
Yet employee awareness is not a simple “check-the-box” exercise. Organizations need to invest in comprehensive, ongoing programs to minimize “weakest link syndrome.” In this regard, workforce-wide cybersecurity training is often just the first step.
Education can be delivered through periodic classroom sessions, eLearning programs, email alerts, and other efforts. Training sessions can also be complemented with wall posters, screen savers, and physical takeaways. Cyber-threat intelligence (which Gartner defines as “evidence-based knowledge – including context, mechanisms, indicators, implications and actionable advice about an existing or emerging menace or hazard to assets”) can also be an important component of security training.
When measured against the potential damage and costs of a data breach, the expense of educating the workforce about cybersecurity threats and best practices can be well worth it. That’s why two-thirds of the AT&T survey respondents also include vendors and contractors in their awareness training programs.
Reinforcing the training over time and testing long-term retention can reveal critical knowledge gaps. Post-test evaluations and ongoing improvements are helpful to fully realize the benefits of both awareness and execution.
AT&T is a leading provider of integrated solutions for business, powered by the global network with more secure connections than any other provider in North America. To learn more about digital transformation in the finance industry, visit our Financial Services solutions page.