In today’s era of seemingly non-stop cyberattacks and high-profile breaches, one thing has become abundantly clear: a company’s frontline employees are its best defense.
“The problem is here to stay,” says Dr. Richard White, a cybersecurity consultant and author of Cyber Crime: The Madness Behind the Methods. “The problem isn’t getting any better because we’re dealing with a human problem, not a technology problem.”
In other words, humans are behind the attacks, and no matter what tools they happen to use, their targets are also human. It’s therefore essential that every employee at every company remain vigilant and follow best security practices to keep the entire organization safe.
Dr. White says the first step in securing an organization from cyberattack is to establish clear policies and procedures for every employee to follow.
According to Dr. White, cybersecurity policies should instruct every employee to:
- Check for phishing and other email scams before opening emails or clicking links. Training in what to look for and how to respond is essential here, as emails designed to attract clicks to malicious websites have become more sophisticated than many people realize.
- Call for help or advice when uncertain. Not sure if that website mentioned in an email is legit? Clicked a suspicious link by mistake? Dr. White recommends having all employees call a cybersecurity point person or hotline when in doubt. From there, all questions and reports of suspicious activity should be logged and tracked.
- Update software whenever prompted. Software updates often contain security patches and should be prioritized, says Dr. White. Even if it means some downtime, patches can be timed to take place when they will have the minimum impact, explains Jaime Foose, director of security solutions and lifecycle shared services at Emerson Automation Solutions. For this, she says, “Coordination with operations is absolutely key.”
- Secure sensitive screens and devices. Privacy shields, which obscure screens from what Dr. White calls shoulder surfing, and two-factor authentication can both help combat this problem.
- Drill. There’s no substitute for comprehensive rehearsals to get employees on the same page with cybersecurity and make policies second nature. Dr. White recommends quarterly rather than annual drills to keep cybersecurity top of mind for employees.
We know cybersecurity remains the top priority for organizations and many companies still have a lot of catching up to do in this area. The findings detailed in AT&T’s 2017 Global State of Cybersecurity report show strategic disconnects that—left unchecked—could be detrimental.
“We surveyed IT experts about the global state of cybersecurity, and we found significant disconnects between what companies are investing in and what their cybersecurity strategies are, or should be,” says Greg Hill, AVP of Cyber Risk Management at AT&T, in the report. In risk management, talent, and training, there are also gaps between where companies are investing and what their real challenges are. For example, cybersecurity insurance has gotten popular, but companies don’t know the right way to implement it.
More than a quarter (28%) of organizations surveyed for the report see cyberinsurance as a replacement for effective cyberdefense. And only 60% of organizations say they mandate cybersecurity training for employees. Yet this training is the key to mounting an effective cyberdefense.
The threat landscape continues to change. Make sure you have the right strategies in place for your organization. Well-trained frontline employees make it possible. “Now, instead of one cyber eye, the chief information security officer, I have 20, 50, 100, or a 1,000 different people looking,” says Dr. White. And that can make all the difference.