Is cybersecurity a major priority for your business? Let’s discuss some facts on the latest trends in cyber-attacks and data breaches.
IBM Security has published the Ponemon Institute’s Cost of a Data Breach Report for the past 17 years. It is the benchmark report offering help in mitigating the rising costs of data breaches.
Some key facts noted in the report:
- 1 in 5 data breaches (23%) comes from human error.
- 38% of lost business increased from $1.52 to $1.59 million in annual losses from breaches.
- $4.24 million in average losses across 537 organizations, which encompass 17 countries and 17 industries.
A Microsoft Security Intelligence Report also reported a 250% increase in phishing. It noted that phishing was the attack vector that increased the most.
There has also been a significant increase in phishing attacks since the onset of COVID-19. It reported that over 300,000 suspicious COVID-19 websites were created between March 9 and March 23, 2020.
Here are a few reasons why cybersecurity awareness is critical for all your employees:
- Cyberattacks have been increasing in the past 3 years.
- There are significant financial costs in detection and escalation, notification, post-breach response, and loss of business.
- 23% of data breaches are caused by human error!
The last place a company wants a security risk is from within its own company. Proper training and education, employee empowerment, small actionable steps, and phishing education will help bridge the gap in cybersecurity awareness.
Employee empowerment is a higher motivating factor than “company-mandated” training.
Employees focus on their daily tasks at hand. For most, there is pressure to solve problems and create viable solutions in an 8-hour workday. “Mandatory training” can come across as impeding an employee’s daily responsibilities.
Empowering employees gives them a sense of ownership in protecting the company. They still need to know, however, “Why is this important to the company?”
Instilling the importance of cybersecurity training:
- Being clear on why cybersecurity is everyone’s responsibility, not just that of specific departments.
- Having clear buy-in and support for the importance of training from the top down in the organization.
- Providing short, relevant, and easy-to-implement training.
- Being consistent in delivering training so that it stays top-of-mind for employees.
Seeing clear consistency across all departments gives employees a clear sense of teamwork. For complete buy-in, they must know this is a clear priority for the entire company. Providing the necessary tools, resources, and training empowers employees to take personal responsibility within the company.
Providing smaller and actionable retention steps:
Retaining all training information can be difficult. Providing small steps to help employees incorporate their learnings daily may increase productivity.
Here are a few actionable steps to take:
- Provide a 3-5 minute instructional review training video once a week.
- Incorporate “habit stacking” into existing work-related routines. Productivity expert BJ Fogg says it is easier to incorporate a new habit with an existing habit. Basically, instead of adding on another habit to monitor cybersecurity, incorporate it into an existing habit done daily.
- Add a cybersecurity awareness tip to the department’s weekly meetings.
Educating employees on how to recognize phishing activities:
Things to know:
- Phishing comes through email.
- The scammer creates a legitimate-looking email with official company logos, verbiage, and messaging.
- The goal of the “Phisher” is to gain confidential access/information.
- Phishing leads to damaging banking and credit card fraud, corporate espionage, and identity threats.
The types of scams:
- Tech support scams: Messages suggesting there is something wrong with your computer and that you should “click now” to fix the problem. Once the link is clicked, malware infects the computer.
- Spear-phishing scams: Targeted attacks on an employee or the corporation. The scammer uses research to make the email appear credible.
- Whale-phishing scam: An attack directed at senior executives/high-level employees.
Employees receive a high volume of e-mails daily. Educating them on the distinct types of phishing attacks, what to look for, and what to avoid will help instill cybersecurity awareness. Recognizing suspicious behavior will protect both their workstations and the company’s and clients’ information.
Cybersecurity is a crucial part of your business. Incorporating the proper training and resources will provide peace of mind. Preparing for cyber-attacks will save you from financial losses while reducing your stress level. We’re happy to discuss any ways we can protect your business.