In the US alone, 783 cases of data breach were recorded in 2018 that resulted in 85.61 million records being exposed. Some of you might even recall the massive data breach at Equifax in 2017, when about 143 million accounts were affected. These numbers are staggering!
Customers even received emails from the credit reporting agency warning that their name, social security number, address, and even driving license information might have been leaked.
Think for a moment about what happens when unknown parties know your personal information – the information you use to identify yourself to a bank, utility company, or a credit card company over a phone line. Have you ever wondered in how many different ways this information can be used to exploit you? The trouble with data breaches is that we rarely recognize their aftereffects until we are personally affected by a similar incident.
In December 2018, Rutland Regional Medical Center was the victim of a data breach when an unknown individual gained access to the email accounts of nine employees, containing over 72,000 medical records.
The bigger question is, why were important medical records shared in the emails when the institute could have used a centralized medical records system?
If you think these cases are not alarming enough, the US Government Accountability Office presented a report in 2018, which mentioned that the Department of Defense’s weapons control system had shocking vulnerabilities that could put US security at risk! For instance, the weapon system would falter and shut down on its own with a simple scan of the computer systems.
This is like someone ringing your doorbell, and your door gets unlocked and opens up automatically!
Further, the services managing the systems used default passwords that could be deciphered with freely available Internet resources. The report even found that these passwords had never been changed since they were first implemented.
These security breaches may seem a little less surprising by now, yet it is 2019, and we still haven’t moved on from the security protocols of the 90s. The fix for these security breaches can be as small as applying a security update, or as complicated as the development of a state-of-the-art encryption method.
Contrary to these ‘famous’ cases, the organizations that become the most common targets of cyber attacks are actually the ones we use every day, the ones that make up the majority of our country’s business, the small and medium sized companies, the startups, and the sole proprietors. These businesses don’t really have the bandwidth to develop security solutions on their own, nor do they have the resources to implement them.
This leads us to probably the most important aspect of fighting cyber threats: cybersecurity training.
The rationale for educating employees on cybersecurity is a straightforward one: if your workforce doesn’t know how to recognize a threat, how can they be expected to respond to it?
Quite simply, they can’t.
If we have a look at the statistics, the 2019 State of IT Security Survey established that email security and employee training were among the top problems faced by IT companies today. The survey also found that 30% of the employees didn’t know what phishing or malware was.
This is the major reason why scams like Business Email Compromise (BEC) resulted in staggering losses of over $3 billion.
One must wonder: don’t these companies implement security systems like firewalls and anti-malware software?
They certainly do, but that’s just not enough. For starters, employees, not technology, are the most common points of vulnerability exploited by the phishers. And we also know that, as humans, employees tend to make mistakes and get tempted by clickbait or a fake profile; that is, unless they’re trained in a cybersecurity training program!
What kind of cybersecurity program do your employees need?
On a basic level, your workforce needs online cybersecurity training to protect themselves and your company against cyberattacks. For employees to be able to spot and prevent different types of security breaches, they’ll need basic training to understand how different cybersecurity threats can present themselves.
To start with, training videos that help your employees identify spam content in emails, social media messages, and invitations are pivotal. Then, show them what a falsified email might look like, who it might come from, and what kind of information it might ask for.
Today, passwords are required to unlock different types of devices, for logging into accounts, and for using several kinds of work-related applications. It’s a lot to remember, so most people use generic passwords that can be easily unraveled. That’s why cybersecurity awareness training should help your employees understand the importance of secure authentication and setting strong passwords.
Learn how protection of company data can help your employees to identify and report cybersecurity threats, and safeguard confidential enterprise data (Second Part).