The best network security system in the world can be taken down by a single click on the wrong email attachment. Businesses that don’t take the human factor into consideration when implementing data security are missing a vital part of the equation.
According to TechRepublic, careless or untrained employees are the number 1 cause of data breaches at small and medium sized companies in North America and the UK. What’s the average cost to companies for a cyber breach? In excess of $1 million.
Clicking malicious email attachments accounts for 66% of malware intrusions.
The most recent data breach investigation report by Verizon found that email was the main delivery method for malware, such as ransomware. So, if you increase the strength of your “Human Firewall” (employee powered security) with employee training in cybersecurity, you significantly decrease your risk of a costly attack.
Because the human factor is so important in data security, as part of the free security assessment we provide at Technology Visionaries, we look at how well employees are trained on security protocols as well as things like anti-virus software and unified threat management.
Compliance and Cybersecurity
Data breaches in any industry can cost a company hundreds of thousands of dollars or more, but it’s especially problematic for those that have compliance regulations to meet for the safe collection, storage, and transmission of data.
It seems we hear about a major retailer hack every other month where millions of customers’ credit card and personal data are stolen. And whether you’re a large business or small one, any type of security incident can cost you public trust.
Overview of Compliance Regulations in 6 Industries:
- Financial – Several cybersecurity requirements from federal and state authorities
- Retail – Payment Card Industry Data Security Standard (PCI DSS)
- Healthcare – Health Insurance Portability and Accountability Act (HIPAA)
- Municipality – A variety of state or local requirements
- Insurance – Consumer information protection regulations vary by state
- Energy – Critical Infrastructure Protection (CIP) Standards
Cybersecurity Training is Important
Just telling staff not to click on questionable emails isn’t enough. Things like password security also play a major part in security breaches around the world.
Our Cybersecurity Training Team at Technology Visionaries conducts training for our clients regularly and we take a fully rounded approach to ensure a company’s human firewall is as strong as possible, and not a weak link in their chain.
Before we deep dive into cybersecurity training, let’s take a look at a few eye-opening statistics.
Did You Know These Statistics About Cybersecurity?
- About 60% of municipalities outsource elements of their services, but don’t have a third-party risk management policy.
- In a Mimecast study of over 45 million emails, nearly 11 million were incorrectly passed through the email security software.
- 43% of data breaches are from Phishing (fake emails), according to the earlier mentioned Verizon report.
- Another Verizon insight was that 1 out of 14 Phishing attempts are successful, where the recipient clicked on a link or downloaded an attachment with malicious code.
What Should You Be Teaching Your Staff About Cybersecurity?
Teaching your staff to identify and avoid potential cyber breaches should be ongoing. One afternoon meeting once a year makes for a pretty weak “human firewall.”
Your employees, at all levels, are your first line of defense.
Our Technology Visionaries team has put together the primer below on the types of things your staff needs to know about cybersecurity.
The statistics tell us that methods spammers and hackers have been using for years are still working. Phishing emails that disguise themselves as legitimate are still one of the most popular ways to get a malicious script into a system.
Your new sales person gets an email claiming to be from XYZ Company with a purchase order attached. Excited for the sale, he clicks on it even though he isn’t sure he’s spoken with that company before. Unfortunately, it was bogus. He just downloaded a data stealing malware script into your system.
Teach employees to be vigilant about emails that may look legitimate but could be harboring a malicious attachment or link. Hovering over (but NOT clicking) a link can show you the true URL which is often masked by the text. Employees should always distrust attachments and links they don’t know.
Two of the most common passwords are “123456” and “password” and cyber criminals know both of them, plus tons more that are used by millions of people.
People often use the same password for multiple logins, and they use something easy so they can remember it. However, poor password security is like opening the door to a hacker. Teach your employees that using a weak password is just like leaving your door unlocked when you go on vacation.
Here are some tips for strong passwords:
- Should be at least 10 characters long
- Should contain a combination of upper and lowercase letters
- Should contain special characters and/or numbers in addition to letters
- Don’t use the same password for two or more devices
- Use 2nd factor authentication, when possible, which sends a text with a time-limited login code
- Don’t write down passwords and stick them on your computer
Do your employees know what to do with the data on an old tablet or computer when they’re issued a new one? How about the proper way to handle customer credit cards when they’re working a trade show?
You can’t always expect staff to read through reams of compliance rules and regulations. Breaking the information into easy-to-digest chunks and using signage and ongoing testing can help ensure you don’t have a compliance violation because someone just didn’t know what to do.
Train All Staff Levels
Your Vice President of Marketing can just as easily click a malicious link as your intern. Make sure your cybersecurity training is across all departments and staff levels so everyone is on the same page and you have the strongest human security against cyberattack possible.
Need Some Help with Cybersecurity Training?
Technology Visionaries can make cybersecurity training for your staff easy, effective, and affordable. Malicious emails are zooming in every day! Contact us today to get your team training scheduled.