October is National Cybersecurity Awareness Month (NCSAM) and it’s the perfect time to implement a new educational training series for your employees. Continuous education programs can help safeguard your employees’ confidential information and protect against cyberattacks and data breaches that can lead to crippling financial damage, fraud, and identity theft.
Now in its 17th year, NCSAM focuses on internet security as a shared responsibility for all — something that Sontiq emphasizes to all the organizations and partners we work alongside. Embedding helpful reminders and security best practices throughout your employee and customer communications is an ongoing process.
Unfortunately, internal errors are still a leading cause of data breaches for companies of all sizes and in all industries. Additionally, as we’ve seen the consumerization of IT grow exponentially, Bring Your Own Device (BYOD) policies and apps that aren’t “company approved” continue to serve as a gateway for breaches. In fact, 74% of IT leaders from global enterprises report that their organizations have experienced a data breach as a result of a mobile security issue. Let’s examine why, and then review some of the training programs you can put in place to keep all your key constituents vigilant.
Employee Negligence & Security Breaches
It happens every day. An employee clicks on a phishing email, accidentally uploads confidential data to a public-facing website, or loses a company-issued device. Before you know it, hackers are holding your company hostage with ransomware or stealing the Personally Identifiable Information (PII) of your employees and customers.
According to Shred-it’s 2019 State of the Industry Report, corporate executives admit employee negligence has led to 52% of security breaches. For most of your employees this is just a matter of awareness, vigilance, and being taught what to do (and what not to do) in certain situations.
Today’s Digital & Remote Employee
An “always-on” workforce means that no matter where they go, they are connected — and their devices can send and receive corporate, and perhaps highly-sensitive data. This has never been more accurate as it has been in 2020, with the global COVID pandemic driving massive online traffic for working, learning, and playing — and introducing greater organizational risks through employees’ home network threats. Cybercriminals have a series of new attack surfaces they can use to gain entry to company networks, email accounts, and unsecured devices. And, with the influx of COVID-19 scams, including those targeting the remote workforce, your employees are now increasingly exposed to criminals stealing their personal information.
If you now have a large contingent of remote workers, be sure that they receive the same thoroughness of security training as your on-site employees.
5 Keys to Protect Against Cyberattacks
Whether your in-house IT or Information Security teams deliver the training, or you outsource it to a third-party, properly educating your employees is essential to guide appropriate online (and offline) behavior and reduce your risks of a data breach. Be sure to include these five topics:
- Password Security
Passwords hold the key to unlock the company data fortress. Help your employees understand the importance of safeguarding passwords, keeping them lengthy, random in nature, and updated regularly. No one should ever write down their passwords or reuse passwords across different websites. Instead, instruct them to utilize a password manager. You can even have them take a password strength test.
- Suspicious Email Detection
CEO fraud and phishing scams, often known as Business Email Compromise (BEC), can be easily spotted if you know what to look for. Train your employees on how to identify a suspicious email and not to click on any of the links.
- Appropriate Web Usage
If you leave the entire Web open to employees, be sure to train them on how to only visit secure (https) websites that are work appropriate. Visiting untrustworthy sites can expose company assets to malware.
- Portable Storage Devices’ Best Practices
If your employees use USB drives or external hard drives to store or transport files, training them on how to secure their data is another important step. Portable storage devices can be easily lost, stolen, or misplaced.
- Vigilance = Protection
When an employee is the source of a security breach, they can negatively impact thousands of lives. Not to mention, their company could face millions of dollars in fines and fees as a result. Let them know these consequences, and that termination is often the outcome for employees whose actions lead to a data breach. Organizational security is everyone’s business.
Our company’s recent webinar, Going the Distance: Tips for Protecting You & Your Family Against Heightened Fraud, is an insightful and complimentary resource. Share it with your employees, customers, partners — essentially anyone you think would benefit from learning more about protecting business and personal information in a digital environment.