Cyber Security Awareness and Training
In a 2019 study performed by IBM, it was discovered that almost 95% of cyber-attacks are caused by human error or behavior. Meaning of 20 breaches recorded, up to 19 could have been avoided with proper security training for staff members. A 2019 survey by Microsoft revealed that although 83% of organizations had strengthened computer and system security over the past couple of years, less than 30% have conducted training for employees. In fact, 17% of decision makers admitted to spending only a couple of days on cyber risk topics over the past year.
64% of executives stated a cyber-attack on their organization would be the largest driver of increased cyber spending and unfortunately, that could be too late. Of all cyber-attacks, it has been found that 43% are aimed at small businesses, with the average loss per company being around $200,000, according to Hiscox, an insurance carrier.
Top risks for untrained employees:
- Inappropriate sharing of data via mobile devices
- Loss of devices by employees exposing the organization to risk
- Inappropriate resource use by employees
- Employee actions leading to cybersecurity incidents
Top security awareness topics to cover during training:
- Email scams: Teaching basic email safety sounds pretty straight forward, but employees need reminders. Simple policy guidelines like “never attach documents to emails that contain sensitive information” or “only open emails and attachments from trusted sources” can prevent costly problems. We cover best practices and help establish safety protocols for your team.
- Password security: Proper passwords are critical to protecting your business. We help your team learn how to create and maintain secure passwords on their devices and accounts to protect themselves and your company. Related article: Build better passwords.
- Phishing and Social Engineering – Phishing is particularly dangerous because such effort is put into making bait look legitimate. When your employees are busy, it’s easier to mistake a piece of phishing bait for a legitimate item. We arm your team with knowledge of the latest tactics and tips for spotting phishing. Related article: Top five cyber risks you need to know.
- Malware: It’s important to ensure your team is prepared to prevent devices from being infected with malicious software. Educated employees and a trusted IT/security partner set you up to stay safe and operational.
- Removable media (USBs/CDs etc.): Removable media can be used by cyber criminals to bypass an organization’s network-based security. Malware can be installed and configured to automatically take place or have a trusted or enticing filename to fool employees into clicking. We help ensure your employees are aware of the threats and proper procedures for media.
- Social networking dangers: Cyber criminals utilize social media for attacks that put organizations systems and reputation at risk by means of phishing, impersonation of trusted brands, and the utilization of information to create spearfishing emails. Being aware of the tactics helps you avoid problems.
- Bringing your own devices: BYOD policies allow staff members to bring personal devices such as computers and smart phones to work and utilize them. If this is enabled, protocols must exist to prevent the use of these devices from creating gaps in your security infrastructure. We woek with you to establish the policies you need and train your staff to be successful in handling security.
Cyber security is so important for businesses of all sizes. A security breach is always detrimental and can put smaller companies out of business for good. No company ever said, “We were too prepared.” but “Hindsight is 20/20.” has been true for too many. If you are ready to learn more and ensure your company and its employees are prepared for cyber security threats, contact JFG Business Tech today.
Sources:
- https://www.continuum.net/blog/the-basics-of-cyber-security-training-for-end-users
- https://www.cnbc.com/2019/10/13/cyberattacks-cost-small-companies-200k-putting-many-out-of-business.html
- https://blog.usecure.io/the-role-of-human-error-in-successful-cyber-security-breaches
- https://www.microsoft.com/security/blog/wp-content/uploads/2019/09/Marsh-Microsoft-2019-Global-Cyber-Risk-Perception-Survey.pdf
- https://www.kaspersky.com/blog/the-human-factor-in-it-security/