Archived Insight | January 8, 2021

Cybersecurity Training for Employees: Know Your Role

Today, cybersecurity training is a must for all employees, because cyberattacks are increasing in both frequency and sophistication. If you’re like most organizations, your employees must complete basic annual training on secure business practices, covering password policies, email encryption, spotting phishing attempts, HIPAA requirements and the definitions of protected data.

But to remain truly secure, you should provide additional training that goes beyond the basics. The National Institute of Standards and Technology (NIST) Cybersecurity Framework, in its Awareness and Training category under the Protect function, identifies the stakeholders whose roles call for training beyond general awareness: senior executives, privileged system users, physical and cybersecurity personnel, system administrators and third-party stakeholders such as suppliers, customers and business partners.

Let’s look at each role separately.


Senior Executives

Besides the standard training, senior executives will also need to know:

  • The laws and regulations that apply to the organization, especially HIPAA, and the significant fines that non-compliance can bring
  • The legal liabilities and reputational damage the organization, and they themselves personally, face if a cyberattack occurs
  • The many types of cyberattacks possible and how to evaluate the cyber risk associated with each
  • The types and speed of decisions required during a cyberattack
  • The security questions to ask when high level ideas or strategies are discussed
  • An understanding of how to create a strong cybersecurity program
  • The governance, policies and procedures required to best protect the organization

Privileged system users

These are people with “super-user” access to a specific system, with the ability to view, edit and delete highly confidential data. They will need to know:

  • Detailed information about the system they have privileged access to and the ways its data can be put at risk
  • The ethical responsibilities of a privileged user
  • A more thorough review of privacy laws and the liabilities that come with handling protected data
  • Detailed training on policies and procedures relating to their role
  • How to protect their privileged accounts and access, including what not to do while logged in with privileged system access, such as internet browsing

Physical security personnel

These are your front-desk staff and security guards. They will need to know:

  • What risks they should be monitoring for
  • How to report an incident
  • How to capture potential incident evidence
  • Daily procedures for performing their duties, such as verifying doors are locked, cameras are functioning, lighting works as expected, desks are cleared, etc.
  • How to handle emergency situations such as water or fire in the data center

System administrators

These are your IT personnel with full or root access to your systems. They may be able to install software, install or modify system processes, create or modify system configurations, create or modify system access controls, and view or control a user’s screen through remote-access technologies in order to assist them. They will need to know:

  • What risks they should be monitoring for
  • Ethical responsibilities
  • What not to do while logged in as a system administrator, such as internet browsing
  • A more thorough review of privacy laws, copyright laws and the associated liabilities
  • Detailed training on policies and procedures relating to their role such as change and configuration management and user password administration


Cybersecurity personnel

These are the people who specifically protect against, detect and respond to cybersecurity incidents. They will need to know:

  • How to configure and use the organization’s security protection tooling, both software and hardware
  • What risks they should be monitoring for
  • How to evaluate the seriousness of a cybersecurity attack
  • Where the incident response plan is located, their individual roles and responsibilities within it, and what decisions they may have to make on their own if an incident is spreading quickly through the organization

Third-party stakeholders

These are the people outside your IT and security functions who depend on your IT systems and data: the business personnel of your organization, any vendors or suppliers your organization works with, and possibly your customers. They will need to know:

  • What is expected of them should an incident occur
  • How they can report an incident to your security officer or IT organization
  • How you will communicate with them, including during an incident, so they can distinguish genuine communications from fake ones
