5 Tips for Training Non-IT Employees on Cybersecurity
Focus on the most common threats
Cybersecurity awareness training for non-IT employees should be straightforward and easy to understand. Give employees the most important information and try not to overwhelm your coworkers with aspects of data and information security that they can’t influence. A good place to start is by identifying the four most common types of security threats, particularly those that have evolved during the pandemic. Advanced phishing attacks and ransomware are two such threats that employees can actively prevent. Teach your team how to identify a phishing email, and tell them what to do if they aren’t sure whether an email is suspicious.
Use different communication tools
Cybersecurity should be a top priority for every employee, but unfortunately, it competes with every other business priority a team member has to juggle. If you want non-IT professionals to read and register your information security training, you need to get creative in your communication tactics. “Sending out an email with a link to your cybersecurity policies probably isn’t the best way to make sure your message gets through crowded inboxes,” wrote the experts at CSO Online. Of course, email is one of the more convenient and effective ways to communicate cybersecurity awareness training – but make sure you send regular, frequent emails to keep cybersecurity top-of-mind. Vary the content within your emails too. Work with your internal communications team to create videos, infographics, and checklists that help employees understand what security measures they need to be practicing regularly. Some companies also send mock “phishing” emails to see if employees are paying attention. Test individuals with a fake spam message to see if they take the proper steps to contain and report the threat to your IT team.
Provide a cybersecurity checklist
Most employees aren’t aware of where their data is vulnerable to hackers. Make it easy for your non-IT team members to perform regular cybersecurity audits. Send each team member a checklist, along with step-by-step directions and the regular intervals at which they should repeat these steps. A cybersecurity checklist might include things like:
- Check the security of your WiFi connection (every month)
- Install anti-virus software and check for updates (every two weeks)
- Check for updates to security software (include a list of the software tools your team uses, such as privacy tools, browser add-ons, and third-party platforms; every two weeks)
- Back up files to the cloud (every week)
- Lock your screens when working in a coworking space or cafe (every day)
- Use a VPN (every day)
- Encrypt sensitive data (every day)
Offer platform-specific training
Many companies are using platforms like Slack and Google Drive for the first time. As a result, users may be unfamiliar with the security protocols required to keep data safe on new remote-work tools. Empower some employees to augment your IT team by providing specialized security training. On Slack, for instance, you can assign a team member to a higher administrative role: Primary Owner, Owner, or Admin. These admin roles are in charge of managing members, channels, and other administrative tasks – and can take a proactive role in managing user permissions to maintain Slack privacy. By providing advanced, platform-specific training, you can empower team members to help police internal cybersecurity risks on new remote-work platforms.
Have a backup solution
As much as you can train your employees on cybersecurity, mistakes still happen. Most businesses anticipate adding more sophisticated cybersecurity software in addition to improving cybersecurity awareness training. A DLP solution can help mitigate some of the risk coming from your non-IT employees. Nightfall’s data loss prevention platform monitors your cloud to search for data leaks before they happen. Set custom actions to prevent employees from sharing data without authorization. Delete messages that contain API keys and other credentials, personally identifiable information (PII) like credit card numbers, or protected health information (PHI) like medical record numbers. Nightfall can also help with user education. Set up automatic notifications to let team members know when they share data in unsafe ways across your cloud applications. With 100+ detectors, Nightfall can be fully customized to scan your SaaS and IaaS environments to search for business-critical data that is at risk. Learn more about how Nightfall can protect your data security by setting up a demo.