Train employees to recognize common mistakes and scam tactics. Training employees to recognize common scam tactics can go a long way toward preventing breaches. If a superior asks you to sign off on an invoice you don’t recognize, double-check that the email comes from his actual email address. If they’re asking to buy gift cards or perform some other unusual action, double-check with them first. On a similar note, train employees to take the time to check links before they click. Simple steps like these will help employees avoid some of the most common pitfalls.
Ensure that employees know how and why to use their security tools. Just because an organization has certain security tools available doesn’t mean they’re actually used properly. Are employees actually using two-factor authentication? Are their filesharing passwords strong enough? Are they logging into their VPNs when appropriate, or using secure Wi-Fi networks when working remotely? If the answer to these and other questions is “no,” the organization can be at risk. Training employees not just on the “how” of security tools but also the “why” can go a long way toward generating buy-in and ensuring that they use the tools effectively.
Create a culture of accountability, rather than blame. Mistakes are such a common cause of breaches because they are generally difficult to detect. Companies will only discover mistakes if the employee owns up to the error—which many are understandably reluctant to do. An employee who fears for their job will generally sweep it under the rug, hoping nobody notices. It’s a company culture challenge, rather than a technological one, and requires organizations to examine their responses to mistakes. Businesses willing to work with employees to help prevent similar incidents in the future will likely have more success stopping breaches than those that impose unreasonably draconian punishments.
Understand how today’s technology can help—because training has a ceiling. Even the most well-trained employees will inevitably make mistakes, so it’s important to recognize the limits of training. Fortunately, there are new and innovative security tools that offer a digital backstop. Advances in machine learning have developed tools that identify anomalous behavior, raising red flags if an email address or attachment doesn’t look right. Encryption tools can now detect whether the company uses the correct level of encryption, while verifying the identity of both sender and recipient. Employees need training, but they should also know that there’s a safety net waiting below them to help.
Help employees help themselves. What do building a culture of accountability and identifying new security tools have in common? They help employees take control of their own actions. Companies can raise alerts, letting an employee know that they may be responding to a scam email, giving the employee the opportunity to self-correct, stopping potentially damaging incident before it happens. This approach helps prevent costly breaches by empowering the employee to recognize and correct their own mistakes, which helps build a culture of accountability and support.