Your business-critical systems, applications, and data are under constant threat. In fact, a recent Cybersecurity Ventures report finds that a ransomware attack occurs every 40 seconds—and by the end of 2019 an attack is projected to occur every 14 seconds. It’s clear that you need a vigilant army of end users acting as an impenetrable wall. Unfortunately, they more than likely form a Swiss cheese-like fortress.
That’s a problem.
“Poor digital hygiene is a fundamental problem thwarting organizations across the globe. It’s an issue cyber criminals will continue to exploit until the world builds more cyber resilience,” notes Insurance Business magazine.
Certainly, our Ransomware Watch consortium partner, KnowBe4, beats the cyber security training drum loud and often. And, with good cause. After all, spear phishing is responsible for ninety-one percent of all hacks today.
Simply put: Your employees are making you vulnerable, cyber criminals know that, and they’re taking advantage of it.
So, what do you do?
Train your employees, of course. Granted, it’s not a perfect solution—cyber security training will not prevent all malware from breaching your systems. That said, it’s an important component of your larger cyber security strategy.
Here’s what you should be thinking about…
Arm your leadership with cyber security training early
Your organization’s leaders are sporting bright, shiny targets on their backs. Why? Consider the following factors:
- More access: Leadership generally possesses the “keys to the kingdom”—meaning they have access to more files and databases than the average employee
- Fraud: They have the authority to make purchasing decisions, sometimes leveraging a process as simple as an email authorization
- Contact info: Their email addresses and phone numbers, often included in business documentation, are easily found with a quick Google search
Given the very busy schedules most executives tend to keep, cyber security training sometimes needs to be broken up into a series of short modules or provided on-demand. That’s okay. The easier you make the process, the more likely they are to commit to the training.
What’s more, if they’re on board, they can lead by example—demonstrating the importance of digital hygiene for the rest of the organization.
Keep employees sharp with monthly interactive cyber security trainings
Those large group cyber security seminars? Ditch ‘em.
Instead, distribute general information about cyber security via email, online resources, and interactive training modules. Then, invest in training exercises, like phishing testing, to assess your risk and target employees who might need a little extra support.
When it comes to cyber security training, we recommend that your trainings be:
- Frequent: Most companies should hold monthly trainings to keep up with the pace of malware innovations and evolving cyber attack methodologies
- Mandatory: Hacks affect all employees equally, so everyone should participate in cyber security trainings
- Interactive: Work with a trusted cyber security company, like our Ransomware Watch consortium partners, and run simulated campaigns to evaluate your protection systems and test users’ ability to identify scams
- Personal: Convey that poor digital hygiene at home could not only threaten their personal data, but spread an infection to the business via personal mobile devices
The payback of proper cyber security training is huge
Cyber security awareness training does not have to be difficult or time-intensive to be effective. And, done well, the payback is huge.
And, with ransomware attacks targeting business users up 26% this year, it’s something we all need to take seriously.