
Companies affected by criminal attacks almost always have firewalls and data protection software installed. However, this is not enough. It is employees, not technology, who are most vulnerable to attack. This does not mean that employees are irresponsible. They make common human mistakes and are unprepared for cybersecurity threats.
90% of cybersecurity breaches are due to human error. Moreover, only 38% of international organizations claim that they are ready for complicated cyberattacks. Today, a favorite method of cybercriminals is social engineering, in which they manipulate victims psychologically and convince them to voluntarily or unknowingly transfer their personal data. In addition to these virtual scams, another persistent threat is malware.
Distant work. In the context of COVID-19 quarantine and martial law, remote work has become a new reality for many. Teleworking has become so widespread that organizations have developed separate policies for remote workers. Working remotely using the cloud has increased comfort, but it has also exacerbated the risk of infiltration into the organization.
Internet of Things (IoT). Employees connect personal devices to the company network or use them for official business purposes. Many devices are not secured adequately and pose a significant threat to an organization’s internal IT security. IoT attacks can be minimized through «bring-your-own-device» (BYOD) practices in the workplace and by enforcing security policies among employees.

Cybersecurity threats. In order for employees to detect and prevent violations, they need a basic knowledge of the signs of various forms of threats. Spam detection materials should explain that spam occurs not only in emails, but also in social media messages and invitations. For example, «invitations» on LinkedIn may contain viruses.
When talking about phishing, provide examples of real-life phishing scams so employees understand what fake emails look like, who they come from, and what information they are looking for.
Training should include tips on how to avoid downloading malware and ransomware.
The importance of passwords. Passwords are needed everywhere today – to unlock devices, log into accounts, and for all work-related applications. Consider secure software that can generate and store passwords. Develop a policy on email, internet and social media.
Company data protection. Every company has its own data protection policy, but it should not be assumed that all employees know or understand it. Don’t forget to hold refresher courses regularly so that all employees remember the rules and know when they change.
How to detect and report cybersecurity threats. Your employees are your eyes and ears. Every device your colleagues use, every email they receive and open, may contain hints of a hidden virus, a phishing scam and a password crack. Also, be sure to inform them about who and how to report suspicious content behavior.
It is best not to use ready-made training modules and basic web courses. Instead, it makes sense to invest in cybersecurity experts working directly with the organization. This specialized training allows you to develop a complete virtual security strategy in accordance with the company’s unique corporate structure, data privacy and employee needs.
The goal of such training is always to change safety habits and behaviors and to understand the shared responsibility of employees.