Skip to main content
close search
site logo
Dive Brief

The key to cybersecurity education? Simulation programs

Published June 5, 2018
By
Valerie Bolden-Barrett Contributor
Deposit Photor

Dive Brief:

  • Nearly all the respondents in a new survey (98%) said their organizations could benefit from added email security to prevent cyberattacks. Barracuda Networks, Inc. polled 630 professionals with email security responsibilities for their companies.
  • Survey results show that most respondents want phishing simulation (63%), social engineering detection (62%), email encryption (60%) and data loss prevention (59%). All the respondents think user training is important, but just 77% are, in fact, training their workers. According to the survey, poor employee behavior (84%) is a bigger email security risk than inadequate tools (16%).
  • Hatem Naguib, Barracuda’s senior vice president and general manager of security, said that phishing attacks are becoming stealthier and that their targets are shifting from big to smaller companies. Barracuda concludes from the survey that by training workers to recognize and avoid phishing attacks, companies of all sizes can help prevent data loss, email fraud and damage to their brand.

Dive Insight:

Organizations are beginning to use simulation to train employees in how to recognize and lessen the chances of a cyber attacker entering and damaging their organizations’ IT systems. IT security firm KnowBe4 uses simulated phishing attacks about once a month to keep employees aware of risks. In November 2017, the North American Electric Reliability Corp. (NERC) staged a mock cybersecurity breach attempt to test employees’ preparedness for an attack.  

Companies have repeatedly said that employees’ negligent behavior is a big concern when it comes to cybersecurity breaches. A Willis Towers Watson report found that 66% of breaches are due to employees’ negligence or malfeasance. Outside threats came in second, at a distant 18%. When employees are allowed to use their personal devices, the threat of an attack increases — meaning employers need to be particularly keen on having a bring-your-own-device policy.

Preventing cybersecurity attacks is as much an HR responsibility as an IT one. Phishing and spoofing masterminds target HR departments for the personal employee data they maintain, including W-2 forms, financial information and other sensitive data.

HR professionals can team up with IT specialists to train and continuously test employees’ cyber knowledge. HR can lead prevention efforts by: 1) knowing their data and where it’s stored; 2) monitoring network activity and flagging abnormal behavior; 3) keeping track of vendors, service providers and other third-party affiliates who shouldn’t have access to company systems; and 4) using only authorized software.

Recommended Reading

Filed Under: HR Tech & Analytics

Editors' picks

Company Announcements

View all | Post a press release
LearnLux Financial Wellbeing Named Top 25 Work Tech Vendor
From LearnLux
November 07, 2024
Goodpath Launches Whole-Person Care Pathways for Diabetes and Weight Management
From Goodpath
October 23, 2024
CuraLinc Healthcare Announces Strategic Acquisition of Marquee Health
From CuraLinc Healthcare
October 29, 2024
Ignition Coaching Partners with ion Learning to Launch Breakthrough Solution to Employee Burno…
From ion Learning
October 24, 2024
Editors' picks
Latest in HR Tech & Analytics
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell