Why Employees Need Cybersecurity Training
The biggest threat to your company’s cyber integrity comes from what your employees don’t know. They need to navigate the internet and handle incoming email to do their jobs, yet many don’t know the basics of what is safe. When it comes to cybersecurity, there are three types of employees, and each type benefits from training in different ways.
Three Types

There are three types of employees:
- Type 1, who think that the IT department will block all problem emails and websites, so there is nothing for them to worry about. They blithely ignore all risks and navigate and click links at will.
- Type 2, who are very worried that they might open the wrong website or email and cause a cyber attack that shuts down their entire organization. They have seriously reduced productivity as they avoid going to new websites and delete perfectly valid emails, “just in case”.
- Type 3, who realize that they are an important part of the cybersecurity solution and are happy to play their part, if only they knew what to watch out for.
As a manager, you need a way to convert Type 1 and Type 2 employees into Type 3 employees and make sure that they all know what to watch out for.
Training By Type
While every employee needs to learn the fundamental concepts of cybersecurity protection, different employee types also need additional information. It’s particularly important to teach Type 1 employees that cyber-risk is very serious and that they need to take an active part in cyber attack prevention. Type 2 employees need to be reassured that with the right basic knowledge, they no longer need to lose productivity agonizing over what is safe. Teach them about:
- Phishing, vishing, smishing
- Ransomware
- Macro malware
- URL manipulation
- Domain manipulation
- Identity strategies
- Password management
- Two-factor authentication
- App stores
- Browser settings
- IoT that you use
- Actionable best practices
Making It Work
Scheduling can be a problem when trying to deliver cybersecurity awareness training to every employee. Online training solves this problem, but it raises the problem of managing employee engagement. To address this, choose a program that includes engagement management to confirm who has done the training and with what result.
Engagement management can include:
- Email reminders to improve engagement
- Test questions to verify learner understanding
- Management-approved phishing simulator
- Certificate of completion
- Management dashboard to track results
Remember, training should not be a one-shot process. Training should be provided for all new hires and for everyone on an annual basis. The threats change, so go for a company with the cybersecurity expertise to keep the course current.
If you’d like to leverage our expertise, whether you’re an existing client or not, or if you’d like to comment on this article, please email me at kristin.
This article was published in the April 2024 edition of The TMC Advisor, ISSN 2369-663X, Volume: 11, Issue: 3
©2024 TMC Consulting