How to talk to employees about cybersecurity

August 24, 2023 | SECURA Insurance

As a small business owner, your employees are the first line of defense in preventing a cyberattack. While you may think your business is too small to be targeted, small businesses with fewer than 250 employees have the highest rate of targeted malicious emails.1 Even the most sophisticated cyber protection software and policies can be undone if an employee unknowingly activates malware and causes a cyberattack that gives cyber thieves access to sensitive company data, including customer or client information.

It's critical that you educate your employees about cybersecurity with training.

Highlight the potential cost/damage of a cyberattack to your business.

The average cost of a data breach for a small business ranges from $120,000 to $1.24 million.2

Address password security and best practices.

The best passwords are longer, include multiple character sets (letters, numbers, symbols), use incomplete words, are changed frequently, and are not used for multiple accounts.

Multi-factor authentication significantly enhances the security of digital accounts and systems by adding a layer of protection beyond a strong password.

Incorporate cybersecurity awareness in new employee training/orientation.

Your employee handbook should highlight cybersecurity practices and include a cybersecurity section.

Provide ongoing practice scenarios to help employees spot phishing attempts.

Through your company’s IT support or an outside vendor, test your employees’ knowledge occasionally with phishing drills. A phishing drill is a simulation exercise used to assess which employees are susceptible to an attack. Employees learn to identify suspicious emails and apply security awareness best practices.

Share “real world” cyberattack news to maintain awareness of risks.

Cyberattacks evolve and change regularly, so sharing news about what is happening in the real world helps employees stay aware of what to watch for.

Emphasize that cybersecurity is every employee’s responsibility.

Make sure employees understand that cyber issues are not just the concern of the IT team, but their concern as well.

Create processes and procedures for communicating cyber attempts or successful attacks.

Create a chain of command and design a cyber incident response plan for your business.


1 Symantec Security Center Data

2 Ponemon Institute


© 2023 The Hartford Steam Boiler Inspection and Insurance Company. All rights reserved. This document is intended for information purposes only and does not modify or invalidate any of the provisions, exclusions, terms, or conditions of the policy and endorsements. For specific terms and conditions, please refer to the coverage form.