cybersecurity awareness

Cybersecurity Training – A Corporate Responsibility

Meeting your corporate Cybersecurity training obligations

The cybersecurity threat landscape is becoming more perilous in 2024 as the rise of AI adds a further risk dimension.

Companies are both ethically and legally required to act in order to prevent cyberattacks. While creating a safe online ecosystem for business to take place is a noble aim, the POPI Act compels businesses to take concrete measures to protect sensitive business and client data.

Failure to comply with the POPI Act could result in fines of up to R10 million and possible jail time, making it even more crucial to train your staff comprehensively. 

In this article, we look at the need for proactive cybersecurity training and what aspects your business should focus on.

The new threat of AI 

The availability of generative AI means that language models are potentially being used to create extremely convincing phishing emails and other fraudulent documents. These may be indistinguishable from a credible internal communication or message from a client, increasing the likelihood of cyberattacks hitting their mark: overly trusting employees.

Data from the South African Banking Risk Information Centre shows cyberattacks in South Africa up by 22% in 2023. 

Of particular concern are the phishing and ransomware crimes, with the number of victims who made ransomware payments having risen by 20% in 2023 alone. 

To avoid a situation where unsuspecting employees are implicated in cyberattacks and face severe consequences, including dismissal and possibly criminal action, companies need to ensure that their teams are well trained in all aspects of cyberthreat awareness and risk management.

In general, many attacks tend to take place not because employees were in cahoots with cybercriminals, but simply because they were fooled by them.

Preventing this type of incident may not be easy, but companies that can identify the most common online security mistakes made by their staff have a better chance of correcting them through positive training.

With new employees, this type of training should take place during the onboarding process, with existing staff regularly upskilled so that all teams have up to date cybersecurity awareness and are fully prepared to handle sensitive data with the upmost of caution.

Critical training focus for enhanced cybersecurity

Weak passwords 

  • Choosing a password that you can remember is important, but some employees still opt for the trusty old “12345” or “password” which is incredibly easy for cybercriminals to guess. 
  • Additionally, others may choose a strong password but render it useless by writing it down on a sticky note displayed in the office. This could easily come to the attention of the wrong person and result in a data breach. 
  • Staff members should choose long passwords with a mix of numbers, letters, and symbols, and secure their devices using two factor authentication whenever possible. 

Sharing passwords

  • Employees who use the same computer or device may end up sharing a login password out of necessity. 
  • A clear solution for this problem is to issue each employee with their own device or let them bring their own. 
  • If they do share a computer, it’s essential for each user to have individual logins with credentials that only they know. 

Unauthorised users accessing work devices

  • Employees may think it’s harmless to take the company laptop home and let their children use it to write school reports or browse the internet, but if the device becomes subject to a cyberattack, the unauthorised user could get the employee in serious hot water.
  • Separating work and play devices is essential not only to protect company data but also to prevent family members from being implicated in a cybercrime. 

Don’t forget to cover the cybersecurity basics for peace of mind 

Failing to update security software, outdated firewalls, and relying on physical storage alone are some other ways that staff members could unknowingly open the door to cybercrime. 

Soteria’s range of secure backup solutions take the guesswork out of keeping your files safe in the cloud. Learn more about our packages for businesses of all sizes by visiting our website today.