Battling Cyber Threats Begins With Employee Education Even the best of software and technology is useless without appropriate human training.

By Kelly Ricker

Opinions expressed by Entrepreneur contributors are their own.


Technology is a driving force for organizational goals. The rapid adoption of cloud computing and the widespread availability of mobile devices and apps has moved technology from serving as simply a support mechanism to the critical differentiator in the way in which companies operate day-to-day and in how they prepare for the future.

As technology grows in its importance, so does the issue of security. Companies of all sizes consistently rate security as a top priority among all of their technology issues. Clearly businesses seem to understand the importance good security practices. But are they taking the right steps?

Related: 7 Cybersecurity Layers Every Entrepreneur Needs to Understand

Companies have good reason to be concerned. The threat of cybercrime is very real and the impact of becoming a cybercrime victim is potentially catastrophic.

In its "2015 Cost of Cyber Crime Study" the Ponemon Institute found that the number of cyberattacks against governments and commercial enterprises continues to grow in frequency and severity. The average cost of a single cybercrime is $7.7 million. While this figure is skewed by large enterprises, the per capita cost for a small business ($1,388) is significantly higher than the cost for a large firm ($431).

Large or small, public or private sector, all organizations must embrace a comprehensive approach to cybersecurity that's built on the foundation of three critical elements: risk assessment, new security tools and the human element.

Risk assessment.

Assessing risk is not a new concept for businesses, especially within firms with a strong project management mindset. But the time has come for more organizations to engage in and apply a rigorous analysis of its security practices.

Typical analysis activities include determining the probability of a risk, estimating the potential impact, and determining mitigation strategies. The time and effort involved in building mitigation is directly related to the probability and impact. A high probably/high impact risk requires much more robust mitigation than a low probability/low impact risk.

Related: Why Small-Business Entrepreneurs Should Care About Cybersecurity

New cybersecurity tools available.

Firewalls may not be a complete security solution anymore, but they are still a critical part of the security preparedness. Companies may need to update their firewall, as their function has evolved from filtering traffic to restricting traffic.

Other new security tools to consider include Data Loss Prevention (DLP) technology, which tracks data to watch for inappropriate behavior; and Identity and Access Management (IAM) recognizes users in individual applications and gives them proper access.

Human element and training.

Research by CompTIA and other organizations consistently shows that the main cause of security breaches is human error by employees, who either don't follow policy or haven't received the training that would alert them to a potential security threat.

Too often, though, companies ignore the risk that's present every day within their four walls. According to an October 2015 CompTIA-commissioned survey of 1,200 full-time workers across the U.S. titled "Cyber Secure: A Look at Employee Cybersecurity Habits in the Workplace," 45 percent say they do not receive any form of cybersecurity training at work. We can't expect employees -- the first line of defense -- to act securely without providing them with the knowledge and resources to do so.

Related: CEOs Can No Longer Sit Idly By on Cybersecurity

Complicating the cybersecurity challenge for organizations is the fact that they are dealing with multiple generations in their workforce. Baby Boomers, Gen Xers and Millennials each present unique security challenges and risks to organizations. For example, 42 percent of Millennials have had a work device infected with a virus in the past two years, compared to 32 percent for all employees. Age also factors into security awareness. 46 percent of Millennials are familiar with two-factor authentication, compared to just 21 percent of Baby Boomers.

With the wave of new workers coming into the workforce, organizations need to take extra precautions and make sure they have effective training in place. Companies can't treat cybersecurity training as a one-and-done activity, or something that's only relevant to the IT department. It needs to be an ongoing initiative for all employees throughout the organization.

The best security technology products and the most comprehensive policies and processes won't work without appropriate human action and intervention. Spreading cybersecurity awareness, knowledge and training throughout the entire organization, from the receptionist at the front desk to the CEO in the corner officer, is essential. Otherwise, organizations run the very real risk of becoming the next cybersecurity victim.

Wavy Line
Kelly Ricker

Senior Vice President for CompTIA,

As the senior vice president of events and education for CompTIA, Kelly Ricker is responsible for setting the association's IT channel education and event strategies and overseeing the department that is responsible for producing CompTIA's channel education products and live events, including the annual Breakaway conference where more than 1,100 channel executives gather for business and training. Ricker  currently serves on the Corporate Event Marketing Association (CEMA) Industry Advisory Board and the Meeting Planners International (MPI) Membership Committee. She is a graduate of Miami University in Oxford, Ohio, where she majored in Public Relations.


Editor's Pick

She's Been Coding Since Age 7 and Presented Her Life-Saving App to Tim Cook Last Year. Now 17, She's on Track to Solve Even Bigger Problems.
I Helped Grow 4 Unicorns Over 10 Years That Generated $18 Billion in Online Revenues. Here's What I've Learned.
Want to Break Bad Habits and Supercharge Your Business? Use This Technique.
Don't Have Any Clients But Need Customer Testimonials? Follow These 3 Tricks To Boost Your Rep.
Why Are Some Wines More Expensive Than Others? A Top Winemaker Gives a Full-Bodied Explanation.

Related Topics

Business News

California Woman Arrested For $60 Million Postal Service Scam

Lijuan "Angela" Chen faces two charges that each carry a maximum sentence of five years in prison.

Starting a Business

Ask Marc | Free Business Advice Session with the Co-Founder of Netflix

Get free business advice during our next Ask Marc, live Q&A, on 6/21/23 at 3 p.m. EDT. You don't want to miss it—send in your questions now.


How to Get Unstuck From Stress and Find Solutions Inside Yourself

Executive coach and author Susan S. Freeman discusses finding a healthy problem-solving mindset in her new book, 'Inner Switch: 7 Timeless Principles to Transform Modern Leadership.'

Business News

Jefferies CEO Shares 15 Pieces of Advice He Wishes He Knew as a Summer Intern on Wall Street

Interns at Jefferies embark on a 10-week program with a pro-rated salary of $110,000 for the internship period.

Growing a Business

Sam Fonseca of Roll-Em-Up Taquitos on Simplicity for Successful Restaurants

Interview with Roll-Em-Up Taquitos COO Sam Fonseca about the power of social media, adjusting for customer expectations, and keeping Mama Karen's legacy alive.