
Ask the Experts: Requiring Cybersecurity Training | PA Benefit Advisors

Question: We are a small company—40 employees. Are there policies we should have in place for cybersecurity? Can we make employee training on cybersecurity mandatory?

Answer: Companies of all sizes are smart to be concerned about cybersecurity, especially in light of the recent WannaCry ransomware attack. There are steps you can take to reduce your exposure to data breaches, malware infiltration, and various other security risks. Employees are your first line of defense, and ensuring that they are trained to identify and report suspicious emails and other security threats is important. The decision on whether cybersecurity training should be mandatory is yours. You can consider assigning employees a training course and allowing them ample time to complete it, or adding it to new employee onboarding activities.

It’s a good idea to train employees to:

  • Be skeptical—if they receive an email, view a webpage, or see a social media post with a too-good-to-be-true offer, they should think before clicking.
  • Report suspicious emails—give employees concrete information on how to report emails that may be phishing (attempts to get employees to share confidential or sensitive information) or fraudulent.
  • Ask questions like:
      • Do I recognize the sender’s email address?
      • Do I recognize anyone else copied on the email?
      • Is the domain in the email address spelled correctly or is it simply close to the actual URL (like amazon.com versus anazon.com)?
      • Would I normally receive an email from this individual?

Remind employees that they should never click on a link in an email or open an attachment until they are absolutely certain that the link or attachment is valid. You can consider a simple reminder like “Think! Don’t click!” that you include in informational emails about cybersecurity.

Finally, we do recommend having a published cybersecurity policy. Include it in your employee handbook and be sure to review it with current and new employees. Your policy should include guidelines for:

  • IT assets and mobile devices.
  • Access control.
  • Maintenance of antivirus software.
  • Contractors, vendors, and outsourcing.

In addition, the policy should include information about the repercussions of noncompliance.

Originally published by www.thinkhr.com
