Tools and Techniques to Engage Employees in Cybersecurity

November 2, 2021

As we close the books on another Cybersecurity Awareness Month, it’s clear that cybersecurity should be a priority all twelve months—not just one. To do so, security teams should emphasize practical tools (the what) and techniques (the how) to keep the company and employees safe.

Many of these also have a downstream personal impact for employees, which reinforces good behaviors that reduce risk in the workplace. Combined, they can provide the information necessary to keep organizations safe from ever-evolving threats.

The What: Practical Tools for Cybersecurity

Multi-factor authentication (MFA) is probably one of the best deterrents for account takeover, particularly when it comes to email and social media accounts. Enable MFA on everything, and require it when you can. If an account is accessible from the Internet and does not support MFA, it's best to assume compromise at some point. Furthermore, encourage employees not to rely on SMS (text) as a form of authentication if the MFA service supports an authenticator app like Google Authenticator or Duo. As engineering teams have become more aware of the need for security, nearly all popular social media sites, banking apps, and e-commerce sites support multi-factor authentication. Make sure to use it!

In addition to MFA, using long, random, and unique passwords on each individual website is a great way to protect against password spray attacks. Remembering all of those passwords would be a nightmare (imagine trying to remember 50+ passwords, each full of 20 random digits), so using a password manager is another way to raise the bar on cybersecurity. Most password managers, like 1Password or LastPass, will check your passwords against a database of known password breaches to further reduce the risk of them being used by an attacker. Password managers are inexpensive to use personally and integrate easily with smartphones and web browsers, extending their coverage to wherever you log on to websites.

While these two tools alone will significantly reduce risk for organizations and employees alike, security professionals should consider advanced controls to stop the sophisticated attacks that MFA and strong passwords simply can't always thwart.

For email specifically, we recommend that all organizations employ security awareness training and encourage the use of a phish button. This will help employees understand the problem and report anything that may bypass native security controls or the secure email gateway. In addition, the Abnormal Security platform can be added to stop socially-engineered attacks that rarely contain traditional indicators of compromise and are thus harder to detect. When combined with the tools and platforms listed here, you can be confident that your employees are protected against account takeovers and other advanced attacks.

The How: Techniques to Keep Cybersecurity Top of Mind

Along with tools, several techniques will bolster awareness and create a cyber-savvy culture long after October is over. Continuing with bite-sized and frequent awareness messages throughout the year will reinforce the core concepts covered during Cybersecurity Awareness Month, and keep employees aware of changing threats. Targeting times throughout the year when attackers tend to prey on targets, especially during the holidays, tax time, or when disasters strike, keeps employees on the lookout for new attacks and unique social engineering attempts.

Unfortunately, most organizations simply don’t have the luxury of hiring an army of cybersecurity professionals, so it’s important to spread this initiative across various teams. Leveraging advocates and "Security Ambassadors" within the business effectively maintains a continuous focus on cybersecurity and provides unique voices so the message is not always coming from the same security leaders. Employees tend to listen to peers and other co-workers within their function, so security advocates can be a force multiplier and drive home the reality that effective cybersecurity is a team sport.

Finally, encourage employees to report things that seem abnormal. Whether using a phishing button or contacting someone on the security team, the time to respond is always a critical component. The faster the security team can investigate and respond to a security event, the more opportunity the company has to reduce the potential impact. Companies also need to ensure that employees feel safe reporting incidents when they happen—especially if it may be due to human error. If someone clicked on a link or responded to a fake invoice, the last thing an organization should want is for the employee to hide their actions for fear of negative repercussions.

That doesn't mean there aren't sometimes consequences that arise from bad choices, but if a company doesn't promote transparency and openness regarding security events, employees will avoid reporting events. Their inaction will only increase the impact these events may cause, so maintaining open communication is vital to securing the organization.

Securing Your Organization All Year

The tools and techniques presented here are only the beginning of what is available to you to help protect your company and your employees from cyber attacks. And like I mentioned at the start of the month, providing new and exciting ways to get employees involved in their own security can make the difference in how much they remember—and how safe your organization is.

What other tips do you have to ensure cybersecurity stays important all year? Let me know on LinkedIn!

Interested in seeing how Abnormal can help protect your employees, before they need to use the phishing button? Schedule a demo now.
