You’ve seen the headlines about the enormous hack on the U.S. government—departments from Homeland to Treasury? This is a triumph for the bad guys. All MSP companies (managed IT services) were warned starting in late summer that the weeks around our contentious election would be dangerous ones. And they have been dangerous. But it brings me around to a question I have brought up before: why be a victim if you can avoid it?

By now, serious businesses know that they must have computer experts to design, maintain, and protect their Information Technology networks. Everything is at stake, now that there is ever-changing malware and ransomware continuously attacking even the smallest and simplest of enterprises. Oddly, one of the most basic strategies of cyber protection has been the hardest to implement—the strategy of training employees how to recognize and deflect an outside assault. The most consistent cause of data breaches in most businesses is employee failure to recognize phishing scams. They get an email from an unfamiliar source, they either click on an enticing attachment or submit information, and in a split second the channels are open for invasion. Why is this still happening?

I’ve had employers tell me they don’t feel like they can insist their employees learn the basics of cybersecurity. I argue that, in fact, it should be a condition of employment. When you hire, you have a list of expectations for each employee. You expect them to perform the tasks for which they have been hired, right? You are counting on their production and contributions to your company cause. If it turns out they cannot perform or produce, then you look elsewhere for that talent. On every list of employer expectations, there should be participation in repeated cybersecurity training with the caveat that the employee then passes the test that follows. And yes, there is always a test.

Every two months, Aptica offers two free, online employee cybersecurity training courses. It must happen that often because of how quickly the cyber threats change. The employee takes the training, then shortly after, Aptica will stage a mock attack on the company using the techniques they have trained the employees to recognize as dangerous.
82% of my clients’ employees have failed to complete the training sessions. 12% of my clients’ employees have fallen for the mock attacks. They click on the links and submit information. Yep—those are real numbers. I just cannot wrap my head around why any employer will allow this to happen. Seems pretty simple to me: if you use my computers to work for me, I expect you to protect my company’s assets. Cybersecurity training is continuing education. It is provided by the employer and it is free to the employee. What they learn at work will also apply to use with their private devices, so that’s a bonus.
Why be a cyber victim if you can take steps to avoid it? If you have lost time and productivity because of repeated network breaches, give us a call at Aptica. Between the two of us, we can figure out how to get your employees trained to spot attempted hacking. I am on a mission here.