Where do you think the number one threat to cybersecurity for New York businesses comes from today? Russia? North Korea? ISIS? In fact, the greatest threat to your cybersecurity is from within your own organization. We’re not talking about disgruntled employees, either. These are hard-working, well-meaning staff who click on the wrong link or open the wrong email attachment, essentially inviting the hackers in. It comes down to one thing: a lack of user awareness.
A Wall Street Journal article in September 2017 reported that 91% of cyber attacks begin with a “phishing” email. This email, which is usually disguised as coming from a legitimate source such as a bank or even a colleague, directs the receiver to click on a link. If the employee falls for it – and it only takes one out of all your employees to fall for it – suddenly cyber criminals have a direct gateway to all your sensitive data, including customer information, sales, and more.
One famous cautionary tale is how cyber criminals attacked Target “through the air conditioning.” An employee of one of Target’s HVAC sub-contractors opened a phishing email while that company’s system was connected to the retailer’s systems. With one click, he opened the door for hackers, allowing them access to the personal information of 110 million Target customers.
Cybersecurity is everyone’s business, including employees. Just as they are taught how to use pass keys, pass codes, and other secure systems, cybersecurity user awareness should be routine training for all members of your organization. However, employees are still the weakest link in cybersecurity for the average organization in New York.
A Verizon 2017 Data Breach Investigation Report revealed just how widespread the problem is:
User awareness training is the best way to reduce these numbers.
The Verizon study reveals just how important user awareness is to an organization. One of the easiest ways to vastly improve your in-house cybersecurity program is to properly train employees on the dangers of cyber threats through annual training and reminder sessions/memos. Topics should include:
To this last point, companies are moving away from punishing employees who do report breaches. This is because an employee is less likely to report a breach, or may delay reporting it, if he or she believes there may be consequences such as disciplinary action or even dismissal. On the other hand, rewarding employees who report potential cybersecurity threats encourages them to report faster. This in turn could minimize damage to your organization.
Here are a few organizations working on spreading the culture of cybersecurity by providing free resources on cybersecurity and user awareness:
Small Business Administration (SBA) http://www.sba.gov/training
NCSA – National Cyber Security Alliance https://staysafeonline.org/stay-safe-online/
DHS – Department of Homeland Security https://www.dhs.gov/publication/stopthinkconnect-small-business-resources
CompCiti Business Solutions, Inc. – Contact us for a free cybersecurity assessment
If your organization is based in New York City, contact CompCiti for a Free Cybersecurity Assessment, and to find out about our User Awareness Training programs. We have all the latest information on the malicious ways cyber criminals are tricking employees, how to spot potential danger, and what to do to reduce your organization’s risk of cyber attack. It’s an easy and effective way to train your employees with the latest information and the least hassle for you.