04 Aug 2016 in Social Engineering
You are Your Company’s Worst CyberSecurity Threat
The biggest cybersecurity threat to your organization isn’t Russian or Chinese hackers. It isn’t nefarious plots hatched by cyber spies, either. In fact, according to reports, the worst cybersecurity threat to your company’s data is YOU.
According to IBM’s CyberSecurity Intelligence Index, no less than 95 percent of all data security incidents are triggered by human error: employees who are getting tricked by digital scams.
While it may sound more intriguing to think Boris from Moscow is nefariously writing code to steal your customer information or intellectual data, it’s usually just Brian from accounting who downloaded a PDF of an invoice filled with malicious code.
The IBM report revealed that while insiders were responsible for 60 percent of all attacks in 2015 – up from 55 percent in 2014 – roughly one-third of those attacks were carried out by inadvertent actors, compared with nearly one-half the previous year. Inadvertent actors are typically well-meaning employees (or other insiders) who either mistakenly allow an attacker to access your organization’s data or fail to pay attention to your company’s cybersecurity policies (if you have them!).
Phishing scams and malware-laden email attachments make up the vast majority of these incidents.
Your employees probably aren’t scheming to take over your business or fleece your customers, but if they’re not practicing good cybersecurity, they are endangering your data.
An Ounce of Cybersecurity Prevention is Worth a Pound of Cure
Education and repetition are key in protecting your business from cybercrime, but creating a risk-conscious workplace is easier said than done.
First, it’s important that you have cybersecurity policies. Writing these policies may seem daunting, but a good managed security services program or enterprise solutions team can help you prepare these after a thorough analysis of your data security. These policies should be tailor-made for your organization because no two business environments are exactly the same.
Security Awareness Training
Once these policies are in place, it’s time to educate your employees.
According to research, 93% of data breaches are linked to phishing and other social engineering incidents targeting your workforce’s gullibility. Arming your employees to be able to recognize and react appropriately to this type of internal threat is key in fighting the problem. A strong security awareness program can assist you in both understanding your employees’ knowledge in relation to cyberthreats and training those employees to improve their cyber awareness. This, in turn, protects your business.
You also need to remind your employees on a regular basis which threats are out there, how to recognize them and what actions to take in the event they run into anything suspicious.
Professional training and at-will digital training programs will also help reduce employee risk.
Will this stop all the risky behavior? Probably not. But it can work to curb the No. 1 threat to your organization’s data: you and your employees.