Security Awareness for Sales Representatives
The performance of salespersons is usually measured in terms of revenue, not in terms of security awareness. As a result, most of their efforts are geared towards closing contracts and not vulnerabilities. If your sales representatives do not know how to protect the confidentiality of business information, your valuable assets (corporate information) could be mishandled or accessed by unauthorized individuals. You also risk being non-compliant to laws that require enterprises to adhere to information safety and security awareness.
Why is Security Awareness Important for Sales Reps? Why Should They Participate?
The American Society for Training and Development (ASTD) revealed that US firms dedicate around $20 billion each year to sales training. 50% of that money is geared towards sales skills, with the rest being spent on company, product and knowledge of the industry. A major portion of this investment is set aside to train newly recruited salespersons.
Two year's worth of NIST-aligned training
Deliver a comprehensive security awareness program using this series' 1- or 2-year program plans.
But what’s astonishing is that most sales training programs don’t focus on security awareness. ToutApp’s CEO Tawheed “T.K.” Kader, while speaking to Fortune, mentioned most aspects of on-the-job sales training, but nothing of security awareness.
The purpose of including security awareness in sales training is to create competencies that allow sales reps to make sound decisions when experiencing security issues. All it requires to compromise critical company information is one salesperson clicking on a malicious attachment. Education in this context can lessen the chances of salespersons becoming victims of intrusions.
Salespersons should actively participate in security awareness programs because cyber criminals consider them the ripe fruit to pick. Hackers target them with email abuse, browser attacks, stealth attacks and other evasive tactics.
Why are Sales Reps Targeted?
Hijacking the information consumed and transmitted by sales representatives in the form of phone calls, emails, etc., could give hackers access to an organization’s personal information and knowledge about its financial capability. Moreover, because sales reps input data into an enterprise’s Customer Relationship Management (CRM) solution, they are a prime target for cyber criminals.
While CRM data is not the easiest way into, say, a plethora of customer accounts, a closer examination reveals that it is quite lucrative for hackers. These days CRM data contains everything, from intellectual property data to financial records. Therefore, more damage can be done if an adversary targets a sales rep who has access to the company’s CRM in a cyber invasion.
Sales reps are also targeted because they add a personal touch to the files they directly upload to their companies’ systems. Hackers who can access and modify their files through any attack method can bypass all current protection measures without being detected. In addition, clients and vendors can be targeted by cyber criminals directly. The latter method reduces the chances of detection as “trust” has already been developed.
Moreover, sales reps are not trained in detecting highly personalized attacks. It is particularly challenging for victims to determine if the reply to that quote/pitch includes a malicious attachment because they could assume that the reply was from a familiar contact and was vetted initially. However, that contact’s email could have been overwritten by a hacker who was spoofing the communication. Network monitor and protective software will not protect against the intrusion once the adversaries become trusted insiders.
What are Some Common Security Mistakes that Sales Rep Make?
From sensitive contracts sent via unencrypted apps to opening attachments of all kinds, sales reps are often lax about the safety of corporate information. Some of their most common information security mistakes include:
- Lack of background research and skepticism
Salespeople often do a poor job of conducting background research on the communication exchange they have with prospects and clients. If it is an email from a name they have talked to in the past, they are likely to mark it as a trusted source, disregarding the fact that it could be a phishing attack that’s asking them to enter credentials or download an infiltrated attachment.
- Leaving sensitive material on unencrypted channels
Salespersons often brainstorm in teams and exchange ideas over the Internet. However, they do not give importance to encryption. Ideas and information exchanged over an unencrypted communication channel could easily leak out sensitive company data to an adversary.
- Using insecure devices
The number of salespeople using Bring Your Own Device (BYOD) policies is growing each year, but several of them lack awareness about BYOD risks. Sales reps use personally-owned devices to connect to business networks and transmit sensitive information. When these devices are used outside corporate walls, sales reps can install insecure apps, which would create a host of vulnerabilities when they reconnect to the corporate network.
- Ignoring the security of wireless connections
Salespeople work just about everywhere. While most corporations have a strict policy about connecting to their information ecosystem via unsecured WiFi, sales reps end up doing it anyway while they are on the go. The majority do not think about the risks of being connected to public WiFi, and therefore put their company’s network at risk.
It is up to the organizations to balance out these risks with security awareness training.
What is the Best Way to Train Sales Reps on Security Awareness?
Because of the many security mistakes sales reps often make, security awareness training cannot be overlooked.
Start off with a buy-in from key stakeholders. Full support from the sales department is necessary to successfully increase security awareness amongst sales reps. The buy-in should be followed by coordination with key departments that have similar interests and could provide additional resources like distribution or funding. For instance, the compliance department can make security awareness a necessary component of sales-related processes, such as exchanging emails.
When it comes to the actual training, don’t just make it a check-box exercise. Sales reps need to understand the security culture and know that their efforts will contribute to the organization’s aim of achieving HIPPA-compliance, PCI-compliance, as well as any compliance that are a part of federal regulations. The main goal is to make sales reps adapt to security awareness training viably.
On that account, it is important to ensure that the security awareness training material is delivered to sales reps in a creative manner. You can make it fun and engaging by integrating interactivity and gamification. For instance, the security awareness department can set up a series of emails, including a few phishing emails, to send to sales reps. Salespeople who could spot the phishing attempt can be given a bonus.
Likewise, an enterprise should utilize its Learning Management System (LMS) to test the concepts of salespeople, track their progress and assign them knowledge-based questions that enable them to recall and retain the information presented to them in security awareness training. Work with other departments to make the LMS content more interesting. For instance, the marketing department is great for packaging information so that they can be asked for help.
Ensure the training is continual to build a culture based on security awareness.
Security Awareness Tips / Resources for Sales Reps
It could be challenging for sales reps to keep up – especially if they are not immersed in IT on a daily basis. However, they can avoid being classified as a “security liability” by following these security awareness tips:
Get six free posters
Reinforce cybersecurity best practices with six eye-catching posters found in our free poster kit from our award-winning series, Work Bytes.
- Bookmark Security Awareness Resources: If sales reps do not know some concepts, they can get themselves acquainted by going through security awareness resources. For instance, InfoSec Institute’s computer-based security training platform, SecurityIQ, combines computer-based security and a phishing simulator to test employees’ knowledge on enterprise security.
- Set Reminders: Even with all the learning, constantly staying vigilant can be difficult for sales reps. It is not always easy to know if there’s a threat, so it can be beneficial to set reminders about security. For instance, salespeople can stick notes on their laptops that remind them that every email could include potential malware.
- Get a Checklist from IT: Sales reps have the option to enlist help. For instance, they can ask the IT for a checklist to run through when they receive emails, phone calls or new visits. For instance, an email checklist could include pointers like verifying the sender’s email address, speaking to the sender before opening his/her email, etc.
- Follow Good Password Practices: Sales reps should have different passwords for personal and work-related accounts to thwart adversaries. In addition, they should keep the strongest passwords ( mixtures of numeric, symbols and phrases) for the most critical accounts. Enabling two-factor authentication will let others know that salespeople are aware of security protocols.
Conclusion
Providing sales reps with security awareness should be an ongoing practice. Their training should be followed by security condition and incident reports to track progress. Lastly, it should be proactive and flexible. This would ensure that the primary function of the sales department is not disrupted.
In this Series
- Security Awareness for Sales Representatives
- Tax scam season: How to protect your data from common scams in 2024
- Security awareness for kids: Tips for safe internet use
- Celebrate Data Privacy Week: Free privacy and security awareness resources
- Consumer data, who owns it and who protects it?
- Human error is responsible for 74% of data breaches
- What is a social engineering attack?
- Biggest cybersecurity mistakes by large organizations
- 4 common social media scams (and how to avoid them)
- From theory to practice: Designing a successful security awareness training program
- Understanding cyberattacks: Types, risks and prevention strategies
- Securing digital frontiers: The importance of information and IT security awareness training
- Optimizing your corporate security awareness training: Strategies and techniques
- What is security awareness: Definition, history and types
- Top 10 security awareness training topics for your employees in 2023 and beyond
- AI best practices: How to securely use tools like ChatGPT
- Connecting a malicious thumb drive: An undetectable cyberattack
- 5 ways to prevent APT ransomware attacks
- 4 mistakes every higher ed IT leader should avoid when building a cybersecurity awareness program
- ISO 27001 security awareness training: How to achieve compliance
- Run your security awareness program like a marketer with these campaign kits
- Deepfake phishing: Can you trust that call from the CEO?
- Fake shopping stores: A real and dangerous threat
- 10 best security awareness training vendors in 2022
- How to hack two-factor authentication: Which type is most secure?
- Malicious push notifications: Is that a real or fake Windows Defender update?
- Free Cybersecurity and Infrastructure Security Agency (CISA) ransomware resources to help reduce your risk
- How IIE moved mountains to build a culture of cybersecurity
- At Johnson County Government, success starts with engaging employees
- How to transform compliance training into a catalyst for behavior change
- Specialty Steel Works turns cyber skills into life skills
- The other sextortion: Data breach extortion and how to spot it
- Texas HB 3834: Security awareness training requirements for state employees
- SOCs spend nearly a quarter of their time on email security
- Security awareness manager: Is it the career for you?
- Risks of preinstalled smartphone malware in a BYOD environment
- The ROI of security awareness training
- 5 reasons to implement a self-doxxing program at your organization
- What is a security champion? Definition, necessity and employee empowerment [Updated 2021]
- Excel 4.0 malicious macro exploits: What you need to know
- Worst passwords of the decade: A historical analysis
- ID for Facebook, Twitter and other sites? Not so fast, says security expert
- 3 surprising ways your password could be hacked
- Fake online shopping websites: 6 ways to identify a fraudulent shopping website
- All about carding (for noobs only) [updated 2021]
- Password security: Complexity vs. length [updated 2021]
- What senior citizens need to know about security awareness
- 55 federal and state regulations that require employee security awareness and training
- Brand impersonation attacks targeting SMB organizations
- How to avoid getting locked out of your own account with multi-factor authentication
- Breached passwords: The most frequently used and compromised passwords of the year
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
Security awareness
Tax scam season: How to protect your data from common scams in 2024
Security awareness
Security awareness
Celebrate Data Privacy Week: Free privacy and security awareness resources
Security awareness