We also know that your home can be turned into a fortress with a security alarm, cameras, door bolts, guard dogs, you name it… but then a girl scout knocks on the door selling cookies. You quiet the dog, unlock the door, and buy some cookies.
This is how hackers gain entry through your firewalls, antivirus, and fancy IT department… because your or one of your employees unknowingly unlocked the door (clicked a link, opened attachment, etc…) and let them in.
I know… we all get it… cyber threats are on the rise. Duh.
So what have businesses been doing about it? Usually nothing. Some businesses do something like an annual cyber training luncheon. And what do employees tell you about it? It’s boring. If it’s a video training, folks are just watching the video at double speed while doing something else.
Best case scenario… even if the cyber training is wildly effective… new things arise, and people often forget what they heard after a couple of months.
It’s not cutting it anymore.
The better way? Clearly it’s to stay one step ahead all of the time. But how? It’s simple. One word: immersion.
Think of driving on the highway. There are signs everywhere to remind you of the rules of the road. That’s why they are there.
By nudging employees toward safer decisions in real-time, we can help them to develop better “cyber hygiene” habits without overwhelming them with information overload.
We occasionally send (with permission) fake phishing emails to businesses. Those are emails from hackers that look like they are from a big business like FedEx or Amazon (when it’s not). The purpose of these emails is to get your employee’s password. We do the same, but make them incredibly convincing and then let the user in on some training if they put in a real password.
For the above, we even have an Outlook plugin the you can click on to report a phishing email. If you do it to one of our fake ones, some confetti shows up and rewards you for spotting it.
Do you see how something like that can help immerse someone? We have other tools that help, but you can see the theme here. It’s real-time coaching or policy reminders, all in an effort to safeguard your business’s sensitive data.
So, while there may be a place for annual training, it’s time to think about using a more proactive approach to cybersecurity education.
If this is something that you’d like to discuss a little more, please let us know. We love this stuff. 🙂
