Tools and Techniques to Engage Employees in Cybersecurity

November 2, 2021

As we close the books on another Cybersecurity Awareness Month, it’s clear that cybersecurity should be a priority all twelve months—not just one. To do so, security teams should emphasize practical tools (the what) and techniques (the how) to keep the company and employees safe.

Many of these also have a downstream personal impact for employees, which reinforces good behaviors that reduce risk in the workplace. Combined, they can provide the information necessary to keep organizations safe from ever-evolving threats.

The What: Practical Tools for Cybersecurity

Multi-factor authentication (MFA) is probably one of the best deterrents for account takeover, particularly when it comes to email and social media accounts. Enable MFA on everything, and require it when you can. If an account is accessible from the Internet and does not support MFA, it's best to assume compromise at some point. Furthermore, encourage employees not to rely on SMS (text) as a form of authentication if the MFA service will support an authenticator app like Google Authenticator or Duo. As engineering teams have become more aware of the need for security, nearly all popular social media sites, banking apps, and e-commerce sites support multi-factor authentication. Make sure to use it!

In addition to MFA, using long, random, and unique passwords on each individual website is a great way to protect against password spray attacks. Remembering all of those passwords would be a nightmare (imagine trying to remember 50+ passwords of 20 random digits each), so using a password manager is another way to raise the bar on cybersecurity. Most password managers, like 1Password or LastPass, will check your passwords against a database of known password breaches to further reduce the risk of them being used by an attacker. Password managers are inexpensive to use personally and easily integrate with smartphones and web browsers to expand their coverage wherever you log on to websites.

While these two tools alone will significantly reduce risk for organizations and employees alike, security professionals should consider advanced controls to stop the sophisticated attacks that MFA and strong passwords simply can't always thwart.

For email specifically, we recommend that all organizations employ security awareness training and encourage the use of a phish button. This will help employees understand the problem and report anything that may bypass native security controls or the secure email gateway. In addition, the Abnormal Security platform can be added to stop socially-engineered attacks that rarely contain traditional indicators of compromise and are thus harder to detect. When combined with the tools and platforms listed here, you can be confident that your employees are protected against account takeovers and other advanced attacks.

The How: Techniques to Keep Cybersecurity Top of Mind

Along with tools, several techniques will bolster awareness and create a cyber-savvy culture long after October is over. Continuing with bite-sized and frequent awareness messages throughout the year will reinforce the core concepts covered during Cybersecurity Awareness Month, and keep employees aware of changing threats. Targeting times throughout the year when attackers tend to prey on targets, especially during the holidays, tax time, or when disasters strike, keeps employees on the lookout for new attacks and unique social engineering attempts.

Unfortunately, most organizations simply don’t have the luxury of hiring an army of cybersecurity professionals, so it’s important to spread this initiative across various teams. Leveraging advocates and "Security Ambassadors" within the business effectively maintains a continuous focus on cybersecurity and provides unique voices so the message is not always coming from the same security leaders. Employees tend to listen to peers and other co-workers within their function, so security advocates can be a force multiplier and drive home the reality that effective cybersecurity is a team sport.

Finally, encourage employees to report things that seem abnormal. Whether using a phishing button or contacting someone on the security team, the time to respond is always a critical component. The faster the security team can investigate and respond to a security event, the more opportunity the company has to reduce the potential impact. Companies also need to ensure that employees feel safe reporting incidents when they happen—especially if it may be due to human error. If someone clicked on a link or responded to a fake invoice, the last thing an organization should want is for the employee to hide their actions for fear of negative repercussions.

That doesn't mean there aren't sometimes consequences that arise from bad choices, but if a company doesn't promote transparency and openness regarding security events, employees will avoid reporting events. Their inaction will only increase the impact these events may cause, so maintaining open communication is vital to securing the organization.

Securing Your Organization All Year

The tools and techniques presented here are only the beginning of what is available to you to help protect your company and your employees from cyber attacks. And like I mentioned at the start of the month, providing new and exciting ways to get employees involved in their own security can make the difference in how much they remember—and how safe your organization is.

What other tips do you have to ensure cybersecurity stays important all year? Let me know on LinkedIn!

Interested in seeing how Abnormal can help protect your employees, before they need to use the phishing button? Schedule a demo now.
