1. Smart People Do Dumb Things
A recent independent study by IBM found that human error contributes to nearly all cyber security incidents. Poor patch management, weak passwords, lost laptops or mobile devices, and system misconfiguration are just some of the mistakes employees unwittingly make that leave your data vulnerable.
What does the manager or owner of a small- to medium-size business do with that info?
The answer is simple: Training, training, and more training.
In the 2014 US State of Cybercrime Survey by PricewaterhouseCoopers, 42% of participants said security education for new employees played a role in deterring potential attacks.
Unfortunately, many company leaders aren’t convinced. They underestimate the internal threat and, therefore, assume awareness training is unnecessary or too expensive.
Even the security world understands the stigma against training. "There are three things you don't talk about in security: religion, politics, and security awareness training," said (ISC)² board member Jennifer Minella.
However, decision-makers should take note of the financial impact the State of Cybercrime Survey found. Companies without security training for new hires reported average annual financial losses of $683,000, compared to companies with training, which reported average financial losses of $162,000.
The numbers speak for themselves. Security awareness training is vital.
2. A Passive Approach to Security Must End
No matter who you are in the U.S., a cyberattack is no longer a question of if, but when.
There are 80 to 90 million cybersecurity events per year, with close to 400 new threats every minute, according to a report put out by Bank of America Merrill Lynch. The bank found that up to 70 percent of attacks go undetected.
If those numbers aren’t enough to make a business leader reconsider his or her passive security approach, consider this: Most companies won’t know they’ve been hacked until it’s too late.
An attack on JD Wetherspoon, a pub chain in the UK, went undetected in late 2015 for about six months. The names, personal information and credit card details of more than 600,000 customers were stolen by Russian hackers.
Small business owners often eye a breach such as this with a sigh of relief and the thought, “I’m too small for anyone to care about my data.” Unfortunately, that’s just not true. U.S. House Committee on Small Business Chairman Steve Chabot reported in 2015 that 71% of company cyberattacks occur at businesses with fewer than 100 employees.
3. Protecting Your Business is Easier Than You Think
While the security threats facing business leaders can be overwhelming, overcoming them doesn’t have to be. Every company, regardless of size, can immediately take these three steps to create a more secure environment.
- Audit Vulnerability Risks: You have to know your vulnerabilities before you can protect them, and making an educated guess can prove a costly gamble. An IT security services provider like TekLinks can help you evaluate your situation and prioritize your next steps.
- Conduct Quarterly Security Awareness Training: Start simply. The low-hanging fruit in most organizations is to educate their employees. Even small efforts here can produce great results.
- Do the Upgrades: Operating systems and applications that are no longer supported by their creator need to be upgraded or replaced immediately. Unsupported software leaves too many holes for cybercriminals to exploit.
For more tips on securing your business, check out “The 5-Step Plan for Improving Your Technology Security”.