Invest in employee security awareness training

by Christopher Wright

It used to be the promise of sizable cash prizes, free cruises or “get-rich-quick” schemes. But as consumers have become savvier to phishing attempts, so too have those executing them. Malicious actors have stepped up their tactics to be more convincing, from replicating well-known brands’ order-tracking emails to creating full-blown fake websites. Unfortunately for consumers, their efforts are paying off, with the FBI reporting at least $16 billion in losses to scams and cybercrimes in the last year alone.

There is no sugarcoating it—cyberattacks can shutter a business. And it is not just happening to Fortune 500s or large corporations. Recently, a national food distribution company was breached, forcing it to shut down its network and disrupting its order and delivery systems.

According to Business Insider, the incident left “some supermarkets, from national chains like Whole Foods to family-run markets, out of stock on everything from milk to pasta.” It raises the question, “How are hackers continuing to make inroads into our systems?” It is simple. They are targeting the most vulnerable entry points: people.

Cybercriminals are getting smarter, better and faster every day, making it more challenging for users to spot and deflect their phishing attempts. In 2024, an industry report indicated that up to 40% of U.S. employees engaged with fake emails, with many users forwarding them to their peers and supervisors.

Other data showed a nearly 20% click rate on malicious links. These statistics are significant, but they are not surprising. It is a mistake that could happen to anyone not well-versed in identifying and protecting themselves against the latest cyber threats.

Many businesses offer brief tutorials on phishing or general tips for recognizing a scam as part of the onboarding process. But incoming employees are taking in massive amounts of information in their first weeks, and cybersecurity “training” can be another item on their to-do lists. Established team members have also likely long forgotten this cursory cybersecurity guidance and are laser-focused on their daily responsibilities. It is no surprise that employees are a prime target. Amidst overflowing inboxes and full calendars, cybercriminals are making a safe bet on human error.

Businesses can transform their potential liabilities into assets by providing regular security awareness training that reflects real-world risks. Yes, software and security controls can help limit users’ abilities—and thwart attackers’ opportunities to infiltrate their networks. But implementing these technical safeguards is not a silver bullet. It is a cat-and-mouse game with attackers always working to outsmart the technology.

That is why expert-led educational sessions are vital. With the support of an experienced cybersecurity firm, companies can ensure user buy-in, confidence and, most importantly, consistent follow-through of cybersecurity protocols. It is a tall task, but properly investing in company-wide education can be the difference between zero disruptions to a business and ceasing operations.

Today, security awareness training is non-negotiable. It is the cornerstone of any comprehensive cybersecurity approach. Through employee education and empowerment, businesses can protect their most valuable—and sometimes vulnerable—assets and ensure greater system resiliency.

Editor’s note: Chris Wright is co-founder and partner at Arkansas-based Sullivan Wright Technologies. The opinions expressed are those of the author.