Keep Your Company Cyber Competent Without Adding Cyber Anxiety

With the right attitude, businesses can maximize employee satisfaction and protection, without sacrificing productivity.

Kevin Reed, CISO, Acronis

May 9, 2023

4 Min Read
One person is answering question about cybersecurity training.
Source: Yee Xin Tan via Alamy Stock Photo

If you're one of the billions of people with an Internet connection, you know how important it is to stay safe online. Cybercriminals increasingly rely on the deception and manipulation of human beings more than any other variable when it comes to cyberattacks. Whether through phishing, the use of stolen credentials, or simply an overlooked software update or human error, people continue to play a huge role in incidents and breaches alike. By providing employees with knowledge and resources, they can adequately protect themselves and not fall victim to a cyberattack.

Employees Are a Company's Most Targeted Cyber Asset

Cybercriminals and state-backed hackers alike target employees frequently through a method called social engineering, gaining their trust through impersonation, rather than directly hacking into systems, as commonly depicted in the media. A famous example is the recent leak of the much-anticipated video game Grand Theft Auto 6, where more than an hour of various game footage was released to the public — a game where, previously, the only information available was the name and vague plot details. The source of this leak can be traced back to the attacker obtaining credentials via the Rockstar Slack channel, earning the false trust of an employee to breach the company's channel.

Training employees in cybersecurity can be a challenging task, but there are several different methods businesses can utilize to test their staff's cybersecurity prowess. For example, it's common for companies to send fake phishing emails to their employees to test their cybersecurity skill set by using fraudulent links that prompt for a username and password, despite not coming from a verifiable source and having a questionable URL. When a high number of employees fall victim to this phishing simulation, it alerts a company that it may need to step up its employee cybersecurity training.

While equipping employees with the proper cybersecurity training is essential for every connected business, a line must be drawn between raising awareness and creating anxiety. If people have an overinflated idea of how dangerous it is to traverse the Internet, they might try to stay away from it entirely. Even though cyber threats are very real, ransomware went down 61% in 2022, according to a study by Dilena. People need to feel confident and safe to properly do their jobs and perform at their highest levels, so as a tech leader, it's important to instill a sense of security in employees. During the 2020 holiday season, the GoDaddy security team sent a phishing simulation email that suggested a $650 bonus award to every employee. This move was considered insensitive by some, caused outrage on Twitter, and forced the company to apologize. Long term, it caused employees to be anxious when clicking even benign links, potentially reducing employees' productivity.

Your Staff Can Be Cyber Sharp and Confident — and It Starts With You

One of the most effective ways to alleviate your employees' anxieties is simply to make sure you have the best expert help available, in the form of consultants, partnerships, and software implemented into your infrastructure. With the help of experts, you can assess your threat levels, deploy penetration testing, and even devise a plan of action and recovery in case of an attack. With software, make sure you frequently patch and update everything to minimize potential gaps and vulnerabilities cybercriminals would otherwise take advantage of. Consistent updating and patching can take a lot of time and resources, so it's suggested to invest in an integrated solution that offers all its services in one single agent.

Above all else, the best thing tech leaders can do is maintain a positive attitude and express confidence in their company and its security measures. If employees sense any insecurity, it can quickly breed apprehension across your workforce, resulting in lower performance and unhappy staff. Adequate backup and storage protection can help boost your confidence, equipping you with the knowledge that even in the case of a breach, your data is easily recoverable. Ensure your infrastructure is protected with state-of-the-art backup solutions and advanced anti-ransomware technologies, ensuring data is always readily accessible and never in jeopardy.

Cybersecurity is, ultimately, a never-ending process. It is not a destination, but a continuous journey that requires vigilance and awareness, and this can be achieved without creating panic or doubt in a company's security capabilities. With the right attitude, help, and use of software, a business can maximize both employee satisfaction and protection, without sacrificing resources or productivity.

About the Author(s)

Kevin Reed

CISO, Acronis

In his 20+ years in cybersecurity, Kevin Reed has been protecting various organizations from cyber threats. Some of his experiences include implementing cryptographic protection for the third largest bank in Europe, building from the scratch security organization for a Nasdaq-traded search engine company, leading technology operations and running IT infrastructure for one of the largest e-commerce sites in Southeast Asia. Now CISO of Acronis, Kevin is in charge of defining company security strategy, developing cutting-edge security solutions and leads the company's Cyber Protection Operation Centres (CPOCs) worldwide.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights