Why should you offer a security awareness training program – aka cybersecurity training - for you and your employees? Good question!
Answer - the sheer volume of global statistics pointing to sophisticated attacks on end users. It is the number one cause for security breaches worldwide.
Wow. That’s quite a statement!
But don’t take my word for it. Listen to the security professionals who study this and publish reports for a living.
One such company is Trustwave Global Security. They publish annual reports about the dark underbelly of security globally.
Their latest annual report, the 2019 Trustwave Global Security Report, is 74 pages of mind-numbing statistics. It’s also very good technically and very detailed. But it should be; security is the service they provide!
In their latest report, which is the basis of my research for this introduction, Trustwave states:
“Unfortunately, the weak point in most breaches remains the end user. Phishing and other social-engineering techniques were the most common methods of compromise in 2018 in every type of environment, other than e-commerce, and were responsible for a majority of breaches in POS and cloud environments” Trustwave Global Security.
Their report, based upon the breaches they investigated affecting thousands of locations across 19 countries in 2018, listed by the highest number breaches by region:
1. Asia-Pacific 35%
2. North America 30%
3. Europe, the Middle East, and Africa 27%
4. Latin America and the Caribbean 8%
Knowing how busy you are as a business owner or manager, I’ll spare you all the statistics and reduce it down to keep it simple
Just two points:
1. North America ranks 2nd in the world for successful breaches.
2. You must train yourself and your employees. We will repeat this.
All that said the goal of this article is to give you a short and simple guide on how to train yourself and your employees and avoid security breaches at your business
Written in plain English, this article will supply you with the informational nuts and bolts you must know.
The introduction is over. Let’s get started.
The biggest cybersecurity threats are ‘already inside your building.’
The statement above ‘already inside your building’ is meant to get your attention.
Employee-related security breaches are one of the most common reasons for successful attacks
This statement is also true. Not only that, we have experienced this here at DTS InfoTech.
A good cybersecurity defense includes:
- technological expertise
- employee training
But the one defense that is not getting the press it deserves is end users also known as employees.
That’s you and me!
The employee who almost caused a security breach here at DTS InfoTech is me.
Hi! I’m Wally. Based on my embarrassing experience (smile and wave), I consider myself qualified on this topic.
Our security partner, Barracuda, is more qualified than I am:
Barracuda, the worldwide leader in security, says to, “…fight phishing and other potentially devastating attacks that can slip through security gateways. These evolving as sophisticated attack techniques, designed to fool employees, put your business at risk for data loss, financial fraud, and embarrassing exposure.”
“With PhishLine, you guard against every facet of social-engineering threats with continuous simulation and training for employees. Expose them to the latest attack techniques, and teach them to recognize the subtle clues and help stop email fraud, data loss, and brand damage. Embed learning into your everyday business processes with customized simulations that test and reinforce good behavior.”
Training yourself and your employees is one of the most effective means of protection against attacks. With professional and affordable training, a business owner can:
- Customize Training to Make it Engaging and Relevant to Your Users
- Identify Human Risk Factors in a Non-Threatening Manner
- Protect Your Business with Updated Content That Guards Against The Latest Threats
- Automate Your Anti-Phishing Program - Execute consistently to stay ahead of hackers
- Automate Incident Response and Get Access to Threat Insights
See how PhishLine works: https://bit.ly/2wJjVKy Short video, only 1 minute and 22 seconds.
There are some other things you must do as well
Conduct a security risk assessment
Understand potential security threats (e.g., downtime from ransomware) and the impact they may have on your business (lost revenue). Use this information to shape a security strategy that meets your specific needs. This assessment can be simple and effective.
Protect your network and devices
Implement a password policy that requires strong passwords. Deploy firewall, VPN, and antivirus technologies to ensure your network and endpoints are not vulnerable to attacks. Consider implementing multifactor authentication. Ongoing network monitoring should also be considered essential. Encrypt hard drives.
Keep software up to date
It is essential to use up-to-date software products and be vigilant about patch management. Installing software is not “set it and forget it.” If you forget to update your software the bad guys will get you.
Cybercriminals exploit software vulnerabilities using a variety of tactics to gain access to computers and data and staying ahead of the bad guys = patch management.
Create straightforward cybersecurity policies
Write and distribute a clear set of rules and instructions on cybersecurity practices for employees. These policies will vary from business to business but may include policies on social media use, bring your own device, authentication requirements, etc. Here too, these policies can be simple and effective.
Back up your data
Daily backups are a requirement to recover from data corruption or loss resulting from security breaches (such as ransomware). Consider using a modern data protection tool that takes incremental backups of data periodically throughout the day to prevent data loss.
One last time, for goodness sake, train your employees!
Because cybersecurity threats are constantly evolving, an ongoing semi-annual training plan must be a standard for all employees. Training should include examples of threats, as well as instruction on security best practices (e.g., lock laptops when away from your desk). Hold employees accountable.
Right now, as you’re reading this, your company could be falling prey to a cybersecurity attack. And the chances are very good that it’s unnecessary, if one employee, on one computer, was trained and knew what to do. So, when it comes to cybersecurity training for employees, the only question left to ask is, are you doing enough?
DTS InfoTech Can Help
DTS InfoTech is very good at training your employees on how to prevent cybersecurity attacks. Even when employees make mistakes (like I did) DTS InfoTech has your back; you will not lose data, and you will not have to pay for a Ransomware attack. Let us show you how!
Most small businesses do not have the technical resources to understand all this geek stuff. If this describes you, we can help.
If you would like more information, please give us a call, we’re always happy to chat, and the call is free!
Dedicated to your success,
dts|infotech . . . secure computer networks that work