10 Questions to Test Your Employees' Cybersecurity Awareness

Every minute, 3,270 data records are lost or stolen.

That’s a staggering stat, and it really emphasizes how important cyber security is to your business. In addition to partnering with IT companies that really understand the value of data privacy, make sure you start from the ground up in your organization. Check in with your employees regularly to make sure they get these questions right:

1. It’s okay to leave your computer logged on when you run to get water, right?

Wrong. Especially in a close-knit business environment, employees often don’t see the harm in walking away from their desktop without logging off. This is a huge no-no. It fosters the sort of environment where employees are lackadaisical about company data. In addition to emphasizing that all employees log out before they walk out, make sure that your computers are set to automatically log users out within a few minutes of inactivity to protect against infiltration.

2. How can you tell if something’s a phishing scam?

In 2017, three quarters of organizations experienced phishing attacks. Employees need to know how to avoid these attacks. Encourage employees to forward phishing attacks to your cyber-security team to be used as examples. Emphasize cyber security awareness training to stop lapses before they occur.

3. Is your password just your dog’s name?

We all know by now that Bill Burr, who famously instituted the original password standards, admitted to regretting his input later on. Turns out that just sticking in a zero and inserting an exclamation mark after your dog’s name (T0by!) isn’t enough. Current standards in password protection emphasize random strings that are easy for you to remember but really difficult for robots to crack.

4. Are you using your cellphone to share data?

Here’s a scary statistic: in the healthcare industry, between 2010 and 2017, more than 48% of breaches involved laptops, desktops, and mobile phones. Across all industries, in keeping with a more mobile and connected workforce, it just makes sense that data breaches would start to creep up on tablets and laptops and smartphones. While employees might be tempted to use their personal devices to access and share company information, using unsecured devices is a huge cyber security risk. Make sure they know unsecured smartphones and tablets are off limits for sensitive data.

5. Have you signed this privacy agreement?

If it ever comes down to it and an employee (accidentally or otherwise) breaches confidentiality or shares data inappropriately, you don’t want it to be a he-said-she-said situation. Make sure that your employees regularly sign cyber-privacy agreements so that you have access to back-up should the situation arise.

6. I’m your boss – can I use your password?

If they say yes, you’re in trouble. Your employees should know that it’s never okay to share passwords with colleagues or with you.

7. What is a firewall? How about encryption?

Your employees don’t need to be cyber-security professionals: that’s the purview of the IT company you partner with or use in-house. But because cyber-security impacts every single person at an organization, they should be able to supply basic answers to simple questions about security. As an example, if your employee understands what encrypted data actually is, they might be less liable to use their mobile phone to share information.

8. Have you scheduled your training session?

Though it’s good to keep employees involved, at the end of the day this comes down to you as an employer. Schedule regular user training sessions and tailor them to your industry. If you’re in the financial sector, train your employees to recognize what information is sensitive. If you’re in the healthcare sector, make sure your employees are up to date on HIPAA regulations. Partner with an IT company that can help you develop training for your staff.

9. Would you click this attachment?

Every once in a while, consider testing your employees. Not in a mean way. If you send out a fake phishing scam, the results can show you which employees opened the attachment without checking it was secure. It’s not to be used as a shaming tool, but it can help highlight training opportunities.

10. Can you explain to customers why their data is safe?

Now, you don’t want your employees to give away private information about how your company keeps data secure. And your average employees don’t need to have as much knowledge as your IT Support. But if a consumer asks, your employees should be able to confidently state that customer data is secure. Eight out of ten people are concerned about businesses not keeping their private data secure, and your employees need to be able to assure customers that basic steps are being taken to secure their information.

At the end of the day, your employees’ ability to keep data secure relies on a combination of great IT support and excellent management. Though working with IT companies to make sure all the correct systems are in place is important, it’s really up to you to make sure your employees are trained, primed, and ready to make good decisions. If you need some guidance getting your staff up to speed on cyber security, contact us today.
