Employee Without IT Security Awareness Can Unleash Hell on the Company
4/1/2020
Employee Without IT Security Awareness Can Unleash Hell on the Company

Carelessness, slackness and poor knowledge demonstrated by employees are the most common causes of data leaks from company systems. Human factor is responsible for nine out of ten cases of all security incidents in cyberspace. Therefore, education in the field of IT security presents today a significant benefit not only for the further advancement of employee's career, but in the first place, for the company itself. AEC, a leading cybersecurity provider, comes through its AEC Security Academy with an affordable, sophisticated and effective employee training system.

Affected institutions and companies usually have two things in common. A solid and costly security system with multi-level protection of their IT environment on the one hand, and employees with only slight knowledge on the other. Statistics show that up to 94% of all malware compromises are delivered through phishing. An inconspicuous e-mail, looking all trustworthy and urgent, appears in some employee's mailbox among new messages. All future operations in the company now depend on the correct reaction of a single person.

"An employee without sufficient awareness of cyberspace threats has no idea whatsoever, what a single reckless decision or omission can unleash. Cyberattack may totally paralyze the whole company," says Maroš Barabas, AEC Head of Product Management.

The solution to this situation is in fact neither complicated, nor expensive. It lies in an efficient employee training – a benefit with great added value for everyone involved. For an informed employee, it opens the door to future professional growth, and at the same time, it is a great asset for the enterprise itself. More importantly, the company is well protected as a result. It is also true, that a training is incomparably cheaper for the employer than providing other employee benefits, such as meal vouchers, insurance contributions or company cars.

E-learning, especially short and densely instructive video tutorials, has proven to be the perfect tool for educating employees on the topic of IT security. At present, AEC Security Academy offers 10 educational e-learning courses. Among the topics are mobile devices security, deletion of data, data on USB flash drives, passwords, safe behaviour in online networks, secure e-mail, or employees' reaction in course of an incident. Up-to-date and clearly arranged videos are available online, i.e. easily accessible at any time.

"Each of our training procedures is aimed at making IT security an integral part of the company. Employees should take it for granted that they are the ones providing the crucial protection. We aim to incorporate this approach into their corporate culture so that it becomes completely automated," says Maroš Barabas.

It would be a mistake to assume that after people learn some elemental knowledge through e-learning, they are done once and for all. Over time, the information they learned has to be repeated and updated.

The best way to do it is by thematically centred newsletters, posters, games, infographics, competitions, various motivational challenges and, above all, experiences. When people link some information with emotions, they keep it in their heads much longer.

This is one of the reasons why AEC offers testing of the employees who have been trained as part of these courses. It takes place in the form of a sent out e-mail containing a tailor-made, completely harmless malware. All employees who open this "harmful" message, are automatically directed to further e-learning, to work on their vigilance and knowledge. Based on the testing results, AEC provides the rankings listing all participants' success, according to which the company can reward its people.

AEC Security Academy offers its trainings in Czech, Slovak and English as a turnkey delivery. This means, among other things, that the company has full control over the whole training procedure. Individual courses are always assigned by the company manager in charge. He is the one who, based on the resource materials provided and his knowledge of the corporate environment, defines the educational plan for the company, distributes the courses to the appropriate employees and divides them into batches.

As Maroš Barabas points out: "The system of our courses is designed to be as accessible as possible and as efficient as possible at the same time. All materials, including relevant infographics, are prepared in accordance with the corporate culture familiar to the employees. Even the testing is provided as a tailor-made service and, if the company is interested, we provide the tools enabling them to do it on their own."

Although humans are oftentimes the weakest link in the protection of IT environment in a company, the cause of their failure is usually not lack of interest, but little knowledge. The whole point of the courses and other educational tools offered by AEC is to support those facing the dangers on the front line as effectively as possible, while on top of this, they can relatively simply, but fundamentally, protect their company from a possible disaster.