This week’s theme for National Cyber Security Awareness Month is: Cyber Security in the Workplace is Everyone’s Business. Last year we wrote up a guide on how to develop the best cybersecurity training policy for your business. This year we want to highlight why training your employees is so important.
It’s not enough to rely solely on your software
Hear us out. Security technology like antivirus software and internet firewalls are absolutely essential when it comes to your company’s cyber security. But, you can’t overlook the part that your employees play in your cyber security training. In 2016, Data Privacy Monitor reported that 24% of breaches were due to human error, the second biggest cause after phishing, hacking and malware (and let’s not overlook the fact that the key way phishing attempts and malware compromise your network is by tricking a user or taking advantage of a mistake.) Falling prey to a phishing email or clicking through a dubious security warning on a web page is all too common a mistake for people busy getting their day-to-day jobs done, and they’re all the more likely to fall for such things if they haven’t been given a basic amount of training on what not to do. And if you need some convincing on why this is as important as we say it is, read up on some of these high profile breaches that occurred because of human error.
Along the same lines, keeping software like your operating system and web browser up-to-date is probably the most critical thing that protecting against new security vulnerabilities. But it’s also important to remember that employees may not understand how important those updates are. Training them on why updates are necessary and letting them know how critical it is to install them even if it does sometimes require an inconvenient reboot or browser restart can make all the difference.
You’re not too small
We talk about this with our clients and prospective clients constantly… no company is “too small” to worry about cyber security these days. Some hacking attempts absolutely do target their victims for some reason: high-value data in their systems like financial or healthcare records, for instance. But there are also a good number of phishing/spoofing attacks that are completely random or even completely automated. One of the most disturbing types of malware, known as “ransomware” is very often propagated on an automated basis and it even generates revenue for the “bad guys.” You stand as good a chance as any larger business of being targeted. And for small businesses with more limited resources, the stakes are all the higher since a breach could hurt you financially, ruin your reputation, or even be the end of your business.
Here are some stats from a 2012 Champlain College Research Study to put this in perspective:
- 60% of small businesses fail within 6 months of a data breach
- 50% of confirmed data breaches targeted small businesses with fewer than 1,000 employees and 31% targeted businesses with fewer than 250 employees
- 92% of businesses who experienced a breach said they lost personally identifiable information (driver's license numbers, credit card numbers, social security numbers)
These statistics should not be taken lightly. If you think you’re safe because you’re small, it’s time to change that thought. And if you think you want to chance it, take a look at what could happen to your business in the aftermath of a data breach.
Technology is always changing
This one is pretty simple, and one I think most of us are well aware of. Technology is always changing - so is the way that we make sure your business is secure. However, as technology improves, so do hackers. This is why it’s so important to have cyber-savvy employees. Because there could come a day when a hacker is one small step ahead of the latest updates in cybersecurity and one vulnerable computer in your office could be their way onto your network. But cyber-aware employees could be the necessary barrier between the hackers and your network.
Finally, 83% of small businesses report not having a cyber security plan. Don’t let that be you, and don’t forget to include your employees in that plan. If you’re unsure where to start check out Stay Safe Online and the FCC’s cyberplanner.
As always if you’re curious to see how your cybersecurity, or security in general stacks up, give us a call!
For similar posts check out our master list of Cyber Security blogs.