Just how much does your company truly know about cyber security?By Bill Dunnion
If I’ve said it before, I’ll say it again: everybody needs to be a cyber security expert in 2020 and beyond. And though that may sound slightly hyperbolic, it’s actually not even close to how we as a global society need to embrace the sentiment.
For instance, did you know that there were 4.1 billion records exposed through breaches in just the first half of last year?1 Now pair that with the terrifying statistic that only 5% of companies’ folders are properly secured and protected from cyber threats.2
Oh, but there is more. This year there will be 300 billion passwords in use worldwide—last year more than 23 million accounts were breached from using the password ‘123456′.3 And lastly, at least for this article, close to 85% of all enterprise workloads will be cloud-based by the end of this year.4
Hyperbolic? Not even close.
Take that information and also think about what’s happened in 2020 alone. As entire global workforces have been forced to move to Work From Home (WFH) environments, IT departments and individuals have been forced to address even more vulnerabilities to ensure even the most basic security measures.
With all of this said, what’s the key to ensuring you keep your company safe? It’s all about education, more education, and when that’s all done add more education. Simply put, ask yourself the question: just how much does your company truly know about cyber security?
So, if education is the answer, the next question is where to begin.
One of the primary things I have taught our customers over the years is that ensuring people are aware of cyber crime and the associated techniques is paramount. And though many have at first felt as though the subject matter is almost too harsh—people may be wary of being exposed to too much of the cyber criminal underworld—the reality is that we all need to be aware and vigilant.
To address these concerns, I suggest making it fun for all involved. Yes, some of the subject matter can be intense, but if presented with an almost Sherlock Holmes-like approach where everyone is asked to be a sleuth to figure out the plot, the criminal techniques, and the crime, people will embrace the true nature of the task in a much more enthusiastic way.
Once you have people up-to-speed on the latest and not-so-greatest scams and criminal activities, try running tests throughout your organization. Whether it be phishing scams, social engineering techniques, and so on—test your employees (all in a controlled and safe manner) and then use the “victims” as a learning tool. In fact, there is no need to even name names. But pointing out where people fell for a scam will prevent others from falling for the same ruse.
Of course, there are also just the basics that always work well. Reminding people of safe password techniques, when and where to connect to outside networks, what mobile apps to avoid—all of these things should be an ongoing and constant reminder in the workplace.
And finally, teach people not only how to use cyber security technology, but also why it’s used. No one likes to add complexity to their lives, but when it’s explained in a way that reinforces the message, that it’s about their safety as well as the organization’s safety, they understand and will embrace the technology and the message.
The world of technology has become a wonderful place, but simultaneously a scary place. But knowing what to look for, how to react, and how to avoid traps is not just half the battle, it’s the entirety of the battle.