BBB tips for training employees to beef up your business cybersecurity
One of my favorite statements I like to express frequently is, “Teamwork makes the dream work,” an expression of how valuable good employees are to any business or organization.
Not only can employees be the key to your company’s success, but they also can be great ambassadors to your customers and communities. And, if trained properly they can play a vital role in helping protect your company against cybersecurity threats.
If your employees can recognize social engineering attacks, spot fraudulent emails, identify fake websites, and maintain safe password practices, they are well-equipped to help on the front lines of defense against scams.
Scams against large businesses attract the headlines, but a breach against a small company or organization may have a much bigger impact and lead to financial devastation.
We hear stories all the time about the impact of business cyberattacks, and most recently a firm shared a breach incident that cost them $1 million to get their files back and two weeks of no emails.
Knowledge truly is power and one of the first actions you can take is to build awareness in your workforce. Ensure your employees understand the potential impact of scams and how they work. Help them understand what falling for a scam could cost your business.
Also consider creating a training program. Build a training program that fits the needs of your business. To do so, consider what scams your business is at high risk for and teach employees to recognize them. Give your staff plenty of real-life examples.
Keep your training concise, interactive, and user-friendly and if you need some suggestions our BBB will be happy help. Set up a training schedule, stick to it, and ensure new employees receive training during onboarding.
If you outsource, go with a reputable company. Many small business owners use third-party fraud training companies with premade videos, materials, and quizzes. Ensure it comes from a company with a good business reputation. Check business ratings at BBB.org and other third-party websites to ensure other business owners have found the materials helpful and the customer service satisfactory.
Encourage open communication and confirmation. Always encourage your workforce to speak up if they see something suspicious. Scammers often target multiple employees at a company, so if one person sounds the alarm, it could prevent others from falling victim. Train staff to slow down, think twice, and use known contact information to verify changes, payments, and other transactions.
Establish extra security procedures where necessary. Establish extra checks and balances for processes for paying invoices or approving expenses. This might mean making dual approval necessary for transactions over a certain dollar amount. This means you will decrease the likelihood of getting scammed.
Make it easy for your employees to report fraud and scams. Acknowledging that everyone makes mistakes can make your employees feel more comfortable reporting a scam.
Always implement the advice you give your employees personally. For example, if you forbid sending sensitive information, such as login IDs and passwords, in an email, don’t request those details from your staff by email.
Busy schedules and multiple distractions mean frequent reminders are necessary to help employees stay aware of scams. Consider reviewing your scam awareness training with your staff annually at the very least, and more often if possible.
Don’t feel alone. Embrace the strengthening of your employees to shore up your defenses. I am happy to share some of the resources and information of our organization to help in any way.
• Steve J. Bernas is president and CEO of the Better Business Bureau and can be reached at sbernas@chicago.bbb.org.