04 Aug 2016 in Social Engineering
You are Your Company’s Worst CyberSecurity Threat
In fact, according to reports, the biggest threat to your company’s data loss is YOU.
According to IBM’s CyberSecurity Intelligence Index, no less than 95 percent of all data security incidents are triggered by human error: employees who are getting tricked by digital scams.
While it may sound more intriguing to think Boris from Moscow is nefariously writing code to steal your customer information or intellectual data, it’s usually just Brian from accounting who downloaded a PDF of an invoice filled with malicious code.
The IBM report revealed while insiders were responsible for 60 percent of all attacks in 2015 – up from 55 percent in 2014 – roughly one-third of those attacks were carried out by inadvertent actors in 2015, compared with nearly one-half the previous year. Inadvertent actors are typically well-meaning employees (or other insiders) who either mistakenly allow an attacker to access your organization’s data or fail to pay attention to your company’s cybersecurity policies (if you have them!).
Phishing scams or malware-laden email attachments make up the vast majority.
Your employees probably aren’t scheming to take over your business or fleece your customers, but if they’re not practicing good cyber security, they are endangering your data.
An Ounce of Prevention is Worth a Pound of Cure
Education and repetition are key in protecting your business from cybercrime, but creating a risk-conscious workplace is easier said than done.
First, it’s important that you have cybersecurity policies. Writing these policies may seem daunting, but a good managed security services program or enterprise solutions team can help you prepare these after a thorough analysis of your data security. These policies should be tailor-made for your organization because no two business environments are exactly the same.
Once these policies are in place, it’s time to educate your employees. You also need to remind your employees on a regular basis which threats are out there, how to recognize them and what actions to take in the event they run into anything suspicious.
Professional training and at-will digital training programs also will help reduce employee risk.
Will this stop all the risky behavior? Probably not, but it can work to curb the No. 1 threat to your organization’s data: you and your employees.