Nowadays, most companies recognize the importance of deploying cybersecurity measures, including anti-malware programs, firewalls, and data encryption. But thinking that these technologies will protect you from every threat is akin to thinking a bulletproof vest will save you from a tank.

The truth is, if a hacker can’t get through your firewall, they can just get around it by targeting reckless users, whether it’s upper management, sales staff, or Janet from accounting.

In other words, no matter how souped up your security system is, it won’t matter if your employees are constantly fooled by ‘Nigerian Princes’ or CEOs begging for money (we’re not kidding, this is actually more common than you think).

Fortunately, there’s one thing you can do to make a hacker’s life difficult.

Security training: Boring but necessary

From Target’s massive slip to Twitter’s CEO setting his password as “nopass”, there is no shortage of examples of how people are the weakest links in any cybersecurity strategy. But with regular security training seminars, you won’t have to worry about seeing your name on the headlines for the wrong reasons.

So what should you be teaching your employees?

Some emails look better in the trash

Most scams bank on people gullible enough to think, “Yeah, I should totally give this stranger my personal information.” To be fair though, scams today are trickier than ever.

Phishing emails, which are generally used to start a cyberattack, will often work by establishing trust by masquerading as a legitimate business or someone the victim knows personally. They will then try to get the victim to give away sensitive information such as login details, or worse, download a malicious program.

The emails may vary but they usually alert people to a “problem with their account” or entice them with a special offer that’s too good to be true.

The real world version of a phishing scam.

The real world version of a phishing scam.

By conducting monthly seminars about the latest scams, your employees will naturally develop a keen eye for malicious emails, websites, links, and downloadable files.

Be more original with passwords

You’d think passwords like “123456” or “password” were so comically bad that no one would use them, but for five consecutive years, they’ve been the most frequently used. What’s worse is people tend to reuse the same passwords across their accounts, which is essentially the same as leaving multiple entryways unguarded.



There’s no valid reason for setting weak passwords.

Dedicate one of your training sessions to password best practices. This means teaching employees the importance of using different passwords for each account and showing them what an ideal password looks like -- a long, random sequence of letters, numbers and symbols.

TMI is dangerous

Much like your crazy ex, hackers are constantly stalking your social media accounts to see where you’ve been and if there’s any useful information they can use against you. The difference is, hackers aren’t too concerned about whether you had fun last weekend.

The personal details your employees post could provide answers to password reset questions and enough detail for hackers to make a convincing phishing attack. Even something as harmless as posting a photo of a plane ticket is enough for a hacker to know your entire life story -- or at least steal your identity.

“Hmm should I post my social security number, too?”

“Hmm should I post my social security number, too?”

We’re not saying your employees should get off the grid (although you may at times wish that were true), just that they should be trained to watch what they share online.

On a serious note: There are plenty more lessons you should be teaching your employees, but the most important one is that cyberattacks are always evolving. Technology will continue to play a crucial role in keeping your business safe, but it can never be effective without the human element. That’s why year-round cybersecurity awareness training is vital for transforming your end users from the weakest link to an impenetrable firewall of flesh.

At Red Key Solutions, we know what it takes to make a hacker’s life a living hell. We provide cutting-edge tools and expertise to protect you from any cyberattack. Call us today to find out more.

Red Key is a leading cybersecurity company serving New York City, Westchester County, Fairfield County Connecticut, California & beyond. Click here to learn more.