Cyber Security Awareness
Because October is Cyber Security Awareness Month, we thought we would take a look at how organizations can raise awareness of cyber security among their own employees. Many studies have shown that employees are usually the weakest link in the cyber security chain and all could benefit from more frequent, consistent training. This is not to say that they are the only firewall against cyber attacks (see article #3), but the more they know the more they can be helpful in shoring up your cyber security efforts.
Employees are the weakest links when it comes to the security of an organization.
This slide show identifies 10 tips that can help you educate your employees and develop policies that will help mitigate ever-growing cybersecurity risks.
Expecting non-security professionals to be able to identify and stop the intrusion methodologies of today's cyber adversaries is unrealistic, costly and provides little benefit for the effort required.
The first step in reducing the role of human error in cyber security incidents is to establish a cyber security policy for your employees that states the do's and don'ts of cyber security.
Even the most knowledgeable workers take big risks with company data.
Small businesses need a cybersecurity strategy to protect their own business, their customers, and their data from growing cybersecurity threats.
As always, I look forward to hearing about your concerns with regard to business continuity. If there are any topics that you'd like to see covered, email me at
Bob Mellinger, President
1. Building Trust: Cyber Security Guidelines for Your Employees
Data breach costs to companies are huge. According to research carried out and published last year, 90% of large organizations suffered an information security breach. Another recent report states that the economic risk of mobile data breaches for an enterprise could be as high as $26.4 million. Unfortunately, half of the most severe security breaches are caused by human error.
2. Top 10 Tips for Educating Employees about Cybersecurity
Over the past couple of years, the world has become well acquainted with the idea of cyber data breaches. It seems like a new massive data breach has been reported week after week, with each seemingly exposing more records than the last. From Target to Home Depot to eBay to the federal government, most people have data at risk. While these threats are most often initiated by outsiders - nefarious programmers writing malicious code designed to pilfer corporate data, siphon confidential customer information and/or raid company financial data - cyber criminals are too often able to gain access due to employees' ignorance and/or negligence.
3. When It Comes to Cybersecurity, Look Past Your Employees
Threat prevention is an ongoing process; it's not something that you do once and walk away. So stop spending time and money trying to make users security experts and start spending on improving your threat prevention program. By no means is the author saying that employees shouldn't receive cybersecurity training. But that training should be focused on making them aware of the organization's security policy and procedures, not training them to be cybersecurity experts.
4. 10 Things to Include in Your Employee Cyber Security Policy
When addressing cyber security threats, human error is a factor that is often overlooked. However, according to the 2014 IBM Cyber Security Intelligence Index, over 95% of all incidents investigated involved human error. Although human error can never be eliminated entirely, incidents can be reduced by establishing clear cyber security guidelines and providing regular employee trainings.
5. Does Employee Cybersecurity Training Do Any Good?
Found an unidentified USB stick lying around in a public place lately? If so, did you plug it into your computer? Don't laugh. Almost one in five (17%) of the 200 people who recently came across one at random--in an airport, coffee shop, or public square--plugged it in, then proceeded to open a text file and click a link or email an address in it. The really discouraging part, notes CompTIA's new study on cybersecurity, is that even techies who surely knew better let their curiosity get the best of them.
6. Cybersecurity for Small Business
Whether a business is thinking of adopting cloud computing or just using email and maintaining a website, cybersecurity should be a part of the plan. Theft of digital information has become the most commonly reported fraud, surpassing physical theft. Every business that uses the Internet is responsible for creating a culture of security that will enhance business and consumer confidence. In October 2012, the FCC re-launched the Small Biz Cyber Planner 2.0, an online resource to help small businesses create customized cybersecurity plans.
Quote of the Week:
"If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked."
-- Richard Clarke
White House Cybersecurity Advisor