Technology is essential to a comprehensive security defense. But even the best cybersecurity can be sunk by the one thing that’s impossible to avoid entirely: Human error. A cyber-naive workforce is the weakest link in your cybersecurity defense; but by teaching smart cyber hygiene, you can transform your workforce from cyber threat vulnerability to cybersecurity champion.
Security breaches are inevitable. But that doesn’t make the facts any less daunting:
- Data breaches increased 40% in 2016.
- Average cost of a breach is $4 million.
- Cost of data breaches will soar to $2.1 trillion globally by 2019.
ARE EMPLOYEES' ONLINE ACTIVITIES PUTTING YOUR SECURITY AT RISK?
Most employees aren’t maliciously trying to cause harm online. Rather, they inadvertently give criminals an edge through carelessness or misplaced trust. Many social engineering schemes play on people’s desire to be helpful.
Changes in how people work has added to security risks. Social media, remote work practices and BYOD have all complicated cyber defense measures.
But the biggest hacker tactic is still good old phishing. Studies have found that 90% of successful hacks and breaches have come from phishing.
VALUE OF CYBERSECURITY TRAINING
Experts predict employee security awareness training will be a multi-billion dollar industry this year. There’s a reason: It works.
Wells Fargo, for instance, saw a 40% decline in susceptibility to phishing through training. The City of San Diego saw its phishing security issues drop around 20% the first year after implementing an awareness program.
This new breed of awareness training takes commitment. It’s not a one and done deal. Comprehensive training should be held at least annually. Also, there’s an emphasis on interactive training—such as running simulated phishing attacks a couple times a month.
Training is effective to developing a company culture of cybersecurity awareness. Everyone—from the C-suite to the custodial staff— needs to understand their responsibility to keeping sensitive information secure.
WHAT EMPLOYEES NEED TO KNOW
Some security policies are inconvenient, so it’s important that employees understand why they’re required to follow certain protocols.
Having regular cybersecurity training and consistent policies will help reinforce the value and key steps. Some cyber hygiene practices should be second nature, including:
- Keeping a clean machine—Employees need to know what they’re allowed to install on their work devices and plug into their USB ports.
- Avoiding suspicious links—Employees should avoid sketchy downloads. If a link looks odd, even if it comes from a familiar source, they should know not to click on it.
- Using strong passwords—Stolen credentials is a common way for criminals to gain access to your network.
- Backing up important information—With the increase in ransomware, it’s essential to have backups, so you won’t have to shell out big bucks to reclaim your data.
Of course, employee training is only one component of cybersecurity. People will make mistakes and threats will get through. When they do, you need a multi-layered security technology defense to protect data at the source and prevent threats from moving across network segments.
A partner of Fortinet and managed security services provider, VLCM can deliver the technical expertise and security you need to bolster the strength of your cybersecurity-aware workforce. Contact us to learn more.