Tools and Techniques to Engage Employees in Cybersecurity

As we close the books on another Cybersecurity Awareness Month, it’s clear that cybersecurity should be a priority all twelve months—not just one. To do so, security teams should emphasize practical tools (the what) and techniques (the how) to keep the company and employees safe.
November 2, 2021

As we close the books on another Cybersecurity Awareness Month, it’s clear that cybersecurity should be a priority all twelve months—not just one. To do so, security teams should emphasize practical tools (the what) and techniques (the how) to keep the company and employees safe.

Many of these also have a downstream personal impact for employees, which enforces good behaviors that reduce risk in the workplace. Combined, they can provide the information necessary to keep organizations safe from ever-evolving threats.

The What: Practical Tools for Cybersecurity

Multi-factor authentication (MFA) is probably one of the best deterrents for account takeover, particularly when it comes to email and social media accounts. Enable MFA on everything, and require it when you can. If an account is accessible from the Internet and does not support MFA, it's best to assume compromise at some point. Furthermore, encourage employees not to rely on SMS (text) as a form of authentication if the MFA service will support an authenticator app like Google Authenticator or Duo. As engineering teams have become more aware of the need for security, nearly all popular social media sites, banking apps, and e-commerce sites support multi-factor authentication. Make sure to use it!

In addition to MFA, using long, random, and unique passwords on each individual website is a great way to protect against password spray attacks. Remembering all of those passwords would be a nightmare, (imagine trying to remember 50+ passwords full of random 20 digits) so using a password manager is another way to raise the bar on cybersecurity. Most password managers like 1Password or LastPass will check your passwords against a database of known password breaches to further reduce the risk of it being used by an attacker. Password managers are inexpensive to use personally and easily integrate with smartphones and web browsers to expand their coverage, wherever you log on to websites.

While these two tools alone will significantly reduce risk for organizations and employees alike, security professionals should consider advanced controls to stop the sophisticated attacks that MFA and strong passwords simply can't always thwart.

For email specifically, we recommend that all organizations employ security awareness training and encourage the use of a phish button. This will help employees understand the problem and report anything that may bypass native security controls or the secure email gateway. In addition, the Abnormal Security platform can be added to stop socially-engineered attacks that rarely contain traditional indicators of compromise and are thus harder to detect. When combined with the tools and platforms listed here, you can be confident that your employees are protected against account takeovers and other advanced attacks.

The How: Techniques to Keep Cybersecurity Top of Mind

Along with tools, several techniques will bolster awareness and create a cyber-savvy culture long after October is over. Continuing with bite-sized and frequent awareness messages throughout the year will reinforce the core concepts covered during Cybersecurity Awareness Month, and keep employees aware of changing threats. Targeting times throughout the year when attackers tend to prey on target, especially during the holidays, tax time, or when disasters strike, keeps employees on the lookout for new attacks and unique social engineering attempts.

Unfortunately, most organizations simply don’t have the luxury of hiring an army of cybersecurity professionals, so it’s important to spread this initiative across various teams. Leveraging advocates and "Security Ambassadors" within the business effectively maintains a continuous focus on cybersecurity and provides unique voices so the message is not always coming from the same security leaders. Employees tend to listen to peers and other co-workers within their function, so security advocates can be a force multiplier and drive home the reality that effective cybersecurity is a team sport.

Finally, encourage employees to report things that seem abnormal. Whether using a phishing button or contacting someone on the security team, the time to respond is always a critical component. The faster the security team can investigate and respond to a security event, the more opportunity the company has to reduce the potential impact. Companies also need to ensure that employees feel safe reporting incidents when they happen—especially if it may be due to human error. If someone clicked on a link or responded to a fake invoice, the last thing an organization should want is for the employee to hide their actions for fear of negative repercussions.

That doesn't mean there aren't sometimes consequences that arise from bad choices, but if a company doesn't promote transparency and openness regarding security events, employees will avoid reporting events. Their inaction will only increase the impact these events may cause, so maintaining open communication is vital to securing the organization.

Securing Your Organization All Year

The tools and techniques presented here are only the beginning of what is available to you to help protect your company and your employees from cyber attacks. And like I mentioned at the start of the month, proving new and exciting ways to get employees involved in their own security can make the difference in how much they remember—and how safe your organization is.

What other tips do you have to ensure cybersecurity stays important all year? Let me know on LinkedIn!

Interested in seeing how Abnormal can help protect your employees, before they need to use the phishing button? Schedule a demo now.

Tools and Techniques to Engage Employees in Cybersecurity

See Abnormal in Action

Schedule a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

 

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

See a Demo
 
Integrates Insights Reporting 09 08 22

Related Posts

B Firebrick Ostrich Blog
Discover how Firebrick Ostrich uses open-source intelligence to run their BEC scams in these supply chain compromise examples.
Read More
B 1 30 23 Product Recap
This winter, Abnormal added three new Knowledge Bases, multi-tenant management, and more to protect cloud users against email platform attacks.
Read More
B Artificial Intelligence Address Email Threats
In part 3 of our 5-part series, Ed Amoroso discusses how artificial intelligence (AI) technology is particularly useful for reducing cyber risks to cloud email.
Read More
CFO2 B
CFO Adam Meister of Clari discusses cybersecurity spending and risk tolerance amid unpredictable economic shifts.
Read More
SEG
Secure email gateways (SEGs) have proven effective in the past, but they are ineffective against modern social engineering tactics and targeted email threats.
Read More
B 1500x1500 Knowledge Base People Base L1 R1
Discover how Abnormal uses contextual, behavioral data to uncover anomalous activity across logins and devices with PeopleBase.
Read More