03.30.2017 | 6 min read

How to Educate Your Employees About Cybersecurity Threats

First of all, let’s discuss why education is important. All too often we hear about prominent corporations and groups that are targeted for cyber-attacks. Many major incidents have occurred and have resulted in data breaches, ransomware, and phishing scams.

What we typically don’t hear about are the attacks that are executed against small businesses. According to Small Business Trends, attacks against small businesses accounted for 43 percent of all cyber attacks in 2015.


While the vast majority of these were phishing and vishing attacks, there are other forms of attacks that target unsuspecting employees and can put your business in jeopardy.

Employees need to be educated on the attacks that are typically used against small businesses and how to recognize the threat. Below are the predominant attacks used by cybercriminals and how they can be prevented.

The attacks and how to prevent them


Phishing and vishing

Phishing and vishing are attacks used to steal personal information or credentials. Phishing is typically email-based: the attacker impersonates a legitimate company or trusted individual to acquire private information. The emails commonly use threats or a sense of urgency in an attempt to frighten the user into revealing information. The success of a phishing scam depends on how authentic the email appears. A vishing attack is similar to phishing but takes place over the phone. The attack will typically take the form of an automated call that appears to be from a legitimate organization.

Users should be periodically trained on how to inspect URLs cautiously to see if they redirect the user to an unknown website. They should also look for other telltale signs such as grammatical mistakes, spelling errors, and generic salutations. When in doubt, verify the request by contacting the company directly using contact information found independently, not from the email.


Ransomware

Ransomware is one of the most devastating cyber attacks. If successful, the attack prevents you from accessing and using data on your computers. It holds your computer or files for “ransom,” requiring you to do something to regain use of your computer. Typically, this is some form of payment, but other forms of ransomware require the user to take surveys to unlock the system.

Ransomware is on the rise. Due to the sheer number of incidents and the sophistication of the attacks, an assistant special agent with the FBI recommended at the 2015 Cyber Security Summit that companies may want to give in to the cybercriminals’ demands.

Training your employees on how to spot potential ransomware attacks is imperative. The training should cover the dangers of visiting suspicious or fake websites, opening email attachments from sources you do not absolutely trust, and clicking on bad links in emails, on Facebook and other social media sites, and in instant messenger applications. Using pop-up blockers can also help. The key is to always be skeptical, and if you’re ever unsure, just don’t click on it.


Malware

Malware is a term used to describe a variety of cyber threats that include viruses, trojans, and worms. Just like ransomware, malware is typically introduced into your system through email attachments, clicked links, or software downloads. It’s typically designed to steal or destroy data on the system.

The best way to prevent malware is to avoid clicking on links or downloading email attachments from any unknown, untrusted senders. You can reinforce this by deploying strong, up-to-date firewalls, which prevent the transfer of large data files over the network in the hope of weeding out attachments that may contain malware. However, educating your employees on what to look for and how to deal with the threat is your first line of defense.

Outside devices

Another danger facing small businesses (and large ones) is employees bringing in personal devices such as phones, thumb drives, and other devices that can be connected to your computers and potentially harbor some of the threats described above.

The best way to prevent this threat is to communicate your policies and expectations to your employees regarding these devices. The best course of action is to not allow any personal devices to be connected to your systems. Ensure that your people understand the risks of doing so.

In conclusion

While it may sound unpleasant, people will always be your weakest link when it comes to your cybersecurity. One of the best ways to mitigate the risk is to provide regular education on cybersecurity best practices. Your employees need to understand the significance of protecting customer and business information and their role in keeping it safe. They need to have a basic understanding of the risks and how to use good judgment when using email and while online. Finally, they need to know the practices they are expected to follow in the office environment in order to keep your business as safe as possible.

There are also some low-cost and free training resources that can be used to educate your staff. Websites such as Phishme.com, WombatSecurity.com, and others offer free classes and resources that help in your quest to become cyber-secure.


Ron Smith is an Infusionsoft Sr. Quality/Security Engineer. Having served in the USAF as a security specialist, he became passionate about security. During his 20-year career, he has worked for very large companies such as Microsoft, Intel, and Pearson, but his love for small business carried him to Infusionsoft. He is also the father of five boys and an avid Harley Davidson rider and home brewer.
