Because it helps employees – and the bottom line
By Jennifer Conroy
Senior Editor, MindEdge Learning
Professional development is a win-win opportunity for both companies and their employees. Numerous studies show that workers value training and career development as a company-provided perk, while employers reap the benefits of increased job satisfaction and productivity. But only 50 percent of working Americans say that their employers provide career development opportunities that meet their needs, according to the 2017 Job Skills Training and Career Development Survey conducted by the American Psychological Association.
Why should more organizations prioritize job training and career development programs for their employees? Here are four good reasons:
- Increased Employee Satisfaction. Employers are always on the lookout for ways to improve satisfaction among their workers. While promotions, raises, and company-sponsored social events are generally well-received, research shows that professional development is also a highly desirable workplace benefit. According to Clear Company, a talent management organization, 76 percent of employees want opportunities for career growth, and 68 percent of workers identify training and development as the workplace policy that’s most important to them.
- Increased Employee Retention. High employee turnover rates are not only headaches for managers; they also reflect poorly on an organization’s reputation. Keeping employees for the long term should be a top goal for all organizations, and workers are more likely to stick around when they are given the proper training and are supported in their efforts to expand their skill sets. By offering career development programs, companies also open up opportunities to fill future job openings from within the organization.
- Increased Employee Engagement and Productivity. When employees lose their passion for their work, the morale and productivity of the entire company can suffer. Professional development opportunities can give employees confidence and drive, making them more engaged and productive. And according Pinnacle Development Group, a leading HR and business development consulting firm, companies that have engaged employees outperform those that don’t by more than 200 percent.
- Increased Company Profitability and Stability. Professional development can be a costly investment (U.S. companies spent more than $70 billion on corporate training in 2016), but it is a necessity in this rapidly changing technological landscape. According to the American Society for Training and Development (ASTD), companies that provide employees with comprehensive training have 218 percent higher income per employee than those that do not provide training. By prioritizing training and development programs, companies can stay ahead of the curve and secure a place at the top of their industries.
For a complete listing of MindEdge’s course offerings related to professional development, click here.
Copyright © 2018 MindEdge, Inc.
Hackers Take Aim at Human Weaknesses
By Marco Martinez
Editor, MindEdge Learning
Imagine you arrive at work one day to find everyone in the office standing around and chattering loudly, while row after row of computer screens flash a ransom message. Someone quickly approaches and breathlessly informs you: “We’ve been hacked!”
The in-house IT security expert explains over the din that what the company has just experienced is a denial-of-service attack—likely perpetrated by a hacker who got past the firewall using sophisticated hacking techniques. As the security expert talks, FBI agents and TV reporters start filing into the office. Over the dull roar, you can barely hear the IT guy explaining to the agents “…they stole every last bit of bytes from the company’s servers and hard drives!”
Or maybe not. While this scenario would make for a heart-pounding episode of “CyberCop,” cyberattacks are usually a lot quieter and less dramatic. Indeed, the majority of companies never even report cyberattacks, largely because of the negative publicity that would likely ensue.
All that being said, the main problem with this scenario is the nature of the attack itself. While a handful of hackers use sophisticated techniques, most do not need to. The reason is human nature: most people are easily duped, and they fall for the same tricks, again and again.
The most common, and usually most successful, cyberattacks are known as “social engineering attacks.” These attacks take advantage of human weakness to trick victims into giving out sensitive information, providing access to data, or allowing someone to enter a building without verifying his or her identity. Phishing scams and ransomware are types of social engineering attacks that can be highly successful, even when the threat of encrypting a victim’s data may actually just be a bluff.
What can a “regular person” do to thwart the most common cyber threats? For starters, it’s important to realize that hackers have basically two types of targets: easy ones, and just-slightly-harder ones. This means that the hackers who go after regular folks will most likely use techniques that are easy to deploy, unsophisticated, and inexpensive.
If the hacker has a lot of time and money— let’s say he’s a member of an organized crime syndicate or on the payroll of a foreign government— then he can resort to the more rare, time-consuming, expensive, and sophisticated attack methods. If you are not a bank or a voting machine, you probably don’t have to worry about this type of hacker.
Most of us need to worry about low-complexity cyberattacks, including ransomware, compromised credentials, extortion schemes, and exploit kits. The following list, adapted from the blog of Adam Meyer’s column in Security Week, tells how you can protect your company (and yourself) from these threats:
- Ransomware: This type of malware can be introduced using infected file attachments that can encrypt a target computer’s files, or even the entire hard drive. To prevent ransomware, you should scan email attachments, restrict administrator privileges, install patches and updates, and limit users’ ability to disable ”inconvenient” security features.
- Compromised credentials: Passwords can be stolen, or cracked easily, especially when they are reused. Using two-factor authentication, coupled with strong passphrase generation and management, will lower the risk. (Passphrases are more secure than passwords, so be sure to use them.) Automatic passphrase resets also help force users to change their passphrases regularly.
- Extortion: This occurs when an attacker steals information from an organization and threatens to expose it online unless he or she is paid. The attacker usually “exfiltrates” (that’s a 20-dollar word for “steals”) information by exploiting vulnerabilities in social media accounts and by using software “backdoors.” There are tools that examine data leaving a computer or server, and these tools can alert an administrator to unusual activity – but the best way to avoid extortion is to limit the amount of potentially embarrassing material stored on your system.
- Exploit kits: These are software programs designed to run on web servers, which then exploit vulnerabilities found on client machines. Anti-phishing software and patches that target common CVEs (common vulnerabilities and exposures) should be installed. Lists of CVEs are regularly updated, so organizations can add them to their exploit libraries in order to protect against them.
And don’t forget: Train your users in cybersecurity on a regular basis, using real-life scenarios and fresh, engaging content!
For a complete listing of MindEdge’s cybersecurity course offerings, click here.
Copyright © 2018 MindEdge, Inc.