Employee Security Training


October 28, 2021

Why Cybersecurity Employee Awareness Training Should Be at the Heart of Your Company’s Digital Defenses

What’s the best cybersecurity tool a company can have? Your employees. It’s surprising, but true. Hackers most likely gain access to your company through the digital doors your employees unwittingly open. And your employees have the power to slam those doors shut, if they have the right employee security training.

Consider these facts, recently reported by cybersecurity training company, KnowB4:

  • 91 percent of all successful data breaches started with hackers successfully “phishing” an employee through infected email links
  • 81 percent of hacker-originated breaches started with stolen or weak employee passwords

Those cyberattacks could cost your company big. Hackers have diversified. They’re selling your trade secrets on the dark web, threatening customers with hacks, and locking up your internet service entirely. The numbers are troubling. According to the The US Department of Treasury, American companies paid $5.2 billion in ransomware extortion payments in 2020. Sixty percent of targeted companies paid out an average of $280,000 per attack. Clearly, employee security training should be job #1 in your company if you want to avoid becoming another statistic.

So, how do you put together a cybersecurity employee training that’s up to date, and up to the job? Let’s talk about what the best employee security trainings have in common.

How to Administer an Employee Security Training Program at Your Company

For your cybersecurity employee training to be successful, it has to be a no-excuses requirement for all employees. Any employee with access your system should be trained. This should include full time employees, part time employees, remote employees, and contractors with system access.

We strongly recommend that companies use an online training system that can track who has completed the trainings. A qualified managed service provider like Integris can connect you to online programs to meet your company’s needs. Make a longer training required for all new hires coming into your network. In addition, you can eliminate many misunderstandings with a well-written bring your own device policy. Several times a year, send out short, security update trainings that will reinforce your employee’s knowledge. We also recommend online training programs that have testing baked into the system. These programs track an employee’s progress and test their comprehension of the material as they go.

Online training programs have made top-quality education available to even the smallest companies. And best of all, you can get it in affordable, scalable packages that are geared for your budget. So, now that we’ve discussed how to implement a training program, what kind of material should be taught? We have some ideas.

What Employee Security Training Should Cover

Every employee security training should educate around the headlines, showing your staff what hackers are capable of doing. With the right program, employees will come away feeling empowered. They’ll understand the critical role they play as gatekeepers of your company’s data. Employees that are data safe in the workplace tend to be datasafe with their personal data, too.

If you’re wondering how to talk to your employees about cybersecurity, we believe these topics are where to start:


Phishing attacks occur when hackers send emails encouraging your employees to click on links, download free offers, or open attachments. When they do, malware spreads through your system. And it’s not just relegated to Nigerian price email scams. Hackers have gotten remarkably sophisticated. Now, they can impersonate your IT department or your CEO, spoof package “tracking emails,” and make phone calls demanding personal information or passwords. Your employee security training should include common sense tactics for spotting suspicious emails or calls.

Physical Security

This should cover basics of securely entering buildings and protocol on guests and visitors. It should also cover cover proactive steps like leaving your desk locked and your passwords out of sight.

Logging onto the network away from home

In any training, you should explain the dangers of logging on to unfamiliar wifi systems while working on company or personal devices. It’s also a good opportunity to discuss your company’s Bring Your Own Device policy.

Password Security

This is a very basic topic, but one that a surprising number of people don’t understand. Talk to your employees about the mechanics of a good password, how they should be stored, when they should be changed, and the risk of reusing passwords across platforms. A company full of employees with hard to guess passwords is a first line of defense for most companies.

What Malware Can Do

Most employees don’t understand how truly dangerous malware is, let alone how it gets into the system in the first place. Use your training program to frame the severity of the problem, and discuss the types of malware in the hacker’s toolbox. Teach employees how to spot the telltale signs of malware in the system, and how to report suspicious activity online.

These topics cover information that should be mission-critical at any company. That’s why when clients ask us: “how effective is employee cybersecurity training?” We say “very.” If your company is committed to the ongoing training of these topics, you can lower your cybersecurity risks substantially. This commitment will be looked on favorably by your cybersecurity insurance provider, as well as clients, vendors, and business partners.

Now that you know what your employee security training should cover, how do should you shop for one? Here’s what we recommend.

Your Employee Security Training: Next Steps

Now it’s time to find an managed service provider that can supply you with a prepackaged online cybersecurity training program. You should also ask for consulting time to evaluate where the holes are in your security procedures and policies. A good managed service IT provider like Integris can help you address your risks with the right program. If you want to learn more about the topic, read our recent blog on data breach prevention and your small business. Or, if you’re in our service areas, contact us to get an estimate on our IT security and awareness training.

Susan Gosselin is a Senior Content Writer for Integris. A career communicator and business journalist, she's written extensively on IT topics and trends for IT service providers like Iconic IT and ProCoders Ukraine, as well as business publications such as Technologyadvice.com, Datamation.com, The Lane Report and many others. Connect with her on LinkedIn.

Keep reading

vCIO vs. vCISO: What’s The Difference? 

vCIO vs. vCISO: What’s The Difference? 

Managing your IT operations is a big job, especially if you're a small or mid-sized company without the resources to hire a full internal IT staff. In these cases, most companies hire a managed IT service provider to fill the gaps. Yet, knowing who to hire and what...

Retainers for vCIOs and vCISOs: A Comprehensive Guide

Retainers for vCIOs and vCISOs: A Comprehensive Guide

If you're running an IT department at a small to mid-size company, you know— the demands on your infrastructure are greater than ever. Cyber threats are growing at an alarming pace, primarily fueled by the accessibility of AI to hackers. Cloud productivity, system...