Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Education & TrainingCybersecurity News

Increase in Cybercrime Demands Fresh Attention to Employee Onboarding and Training

Cybersecurity training should be treated as an ongoing process and include employees across an enterprise’s footprint.

By Terri Howard
Increase in Cybercrime Demands Fresh Attention to Employee Onboarding and Training
Terri Howard

Terri Howard

Increase in Cybercrime Demands Fresh Attention to Employee Onboarding and Training
Terri Howard
August 1, 2017

Until the massive U.S. Target store credit and debit card data breach in 2013, the lasting impact of cybercrimes was a relatively unknown experience to most consumers, and it wasn’t on the top list of HR onboarding topics either. Flash-forward to today, and cyberattacks, hacking, data breaches and identity theft are household terms, and the need to educate employees about how their actions impact company cybersecurity is greater than ever.

Yet, as common as news headlines have become, a recent study conducted by International Data Corp (IDC) found most U.S. companies are underprepared to deal with cybersecurity threats.

While IT and cybersecurity professionals are experts at protecting networks and devices, and integrating security measures to anticipate a breach, that cannot serve as an organization’s be-all, end-all response. Employee education and training can help minimize cyber vulnerabilities and prepare employees for the event of a breach, in turn helping to protect the organization and its customers.

 

What Makes a Company Vulnerable?

Employees often are unaware of the potential consequences of their actions when working on a computer, laptop or mobile device and how those actions can open a company up to attacks. According to the United States Computer Emergency Readiness Team, it’s important to remind employees of the critical role they play in protecting the company from cyber threats.

The onboarding process starts with making the right hires. Background checks on potential candidates should be standard operating procedure. As new employees join the workforce, organizations also need to take extra precautions to be sure they have an effective training plan in place.

As part of the onboarding process, new employees should be warned to:

  • Exercise caution when opening email attachments, even if the attachment is expected and the sender appears to be known. Be particularly wary of compressed or ZIP file attachments.

  • Avoid clicking directly on website links in emails. Instead, users should type the link directly in the browser’s search bar or attempt to verify web addresses independently (e.g., contact the organization’s help desk or search the Internet for the main website of the organization or topic mentioned in the email).

  • Log off or use a screen saver when not in front of a computer.

  • Report any suspicious emails to the help desk or security office immediately.

  • Avoid unsecure Wi-Fi hotspots.

  • Be smart about peer-to-peer file sharing. Sharing files via flash drive is akin to college students sharing a drinking cup. Instead of spreading germs, the drives potentially spread viruses.

  • Follow company guidelines and restrictions for social networking sites like LinkedIn, Twitter, Facebook and Instagram. Consider putting a social media policy in place if you do not already have one.

  • Avoid downloading software or apps from unknown sources.

  • Maintain good password integrity.

  • Avoid sites at risk for malvertising.

  • Be smart about laptops or mobile devices that float between systems and could therefore pick up viruses or compromise the system.

After reviewing technology protocols with new hires, don’t be afraid to test the policy. Send a mock-questionable link to employees to see if they click on it, and implement consequences when an employee leaves the company open for a cyberattack. Cybersecurity training is not a one-time event or something that only applies to the IT department. It should be treated as an ongoing process and include employees across the company’s footprint.

 

Specialize Your Training

Beyond new hire training, most organizations will have an identified disaster preparedness team. Go a step further to bring that team up to speed on Cybercrimes 101 as well. While smart onboarding policies help prevent breaches, this type of training prepares your team for a breach response. What are common types of attacks? How does the scope of damage change based on the hackers’ motivations? What unique challenges are present when large data breaches occur? And how would the company be prepared to assist in victims’ recovery – emotionally and in terms of compromised identity or security?

During initial discussions, it often helps to rank potential threats in a matrix, from Least Likely-Least Damaging to Most Likely-Most Damaging, to account for a particular company’s highest risk areas. By doing so, your team can prepare for cybercrimes in the same way it might prepare for workplace violence incidents or natural disasters.

Dealing with a breach of customer or employee information will involve a variety of departments: executive leadership, communications, customer relations, HR, the organization’s employee assistance program (EAP) and possible outside support to funnel inquiries and concerns.

When outlining an organization’s cybercrimes threat matrix, highlight particular trouble areas and work with communications or HR to share best practice protections with the entire workforce. A basic internal education effort likely will look at aspects including:

 

Types of Attacks

Review the nature, probability and dangers of common attack methods like hacks, breaches, and phishing via email, texts or social media. Also review common entry points or data-rich targets within a company. Any system with data that can be monetized – health care records, bank information, credit card numbers, emails – can pose a risk and should be part of the response planning process.

 

Types of Motivation

Provide general background on the different categories of cyberattacks and how the scope, style and motivations of each play an important factor in developing the most appropriate response plan.

  • Cyber criminals are motivated by money and are typically responsible for hacks like retail data breaches and phishing attacks. There is high risk to individual customers in terms of compromised personal or financial data and identity theft.

  • Nation-states engage in cybercrimes to gain intelligence or sow disruption. The danger here is centered on corporate or industry infrastructure – everything from Wall Street to transportation to the electric grid – or on massive data collection, though the ramifications often spill over to individual consumers through city-wide loss of services.

  • Hacktivists are most likely after small-scale disruption, embarrassment or justice seeking, rather than personal financial information.

Take the education a step further by displaying tip sheets and posters around office common areas or by participating in ongoing cyber safety events like National Cyber Security Awareness Month or Safer Internet Day. Keeping the issue top of mind for your team helps mitigate risk and build resiliency.

KEYWORDS: cybercrime phishing security awareness

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Terri Howard, Senior Director at FEI Behavioral Health, is responsible for working with corporate clients to ensure companies are prepared for, can respond to and recover from a crisis incident. She also coordinates the people support and psychological first aid services for those impacted by a crisis incident and is experienced in developing drills and exercises aimed at testing current crisis management plans and procedures.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Person-working-in-laptop.jpg

    7 ways to protect against cybersecurity threats in digital onboarding

    See More
  • healthcare

    Bringing greater attention and awareness to cybersecurity practices in the global public health sector

    See More
  • SEC0919-Edu1-Feat-slide1_900px

    Employee Training to Prevent Workplace Violence and Active Shooter Events

    See More

Events

View AllSubmit An Event
  • August 27, 2025

    Risk Mitigation as a Competitive Edge

    In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing