Do you have a cybersecurity awareness training program in your office? If so, what’s the central theme?
How about…slow down.
There are, of course, many tenets of a successful cybersecurity awareness program, but none is more central to stopping human error and negligence.
According to the Ponemon Institute’s 2017 State of SMB Cybersecurity report, negligent employees were the number one cause of SMB data breaches.
Let’s look at why cybersecurity awareness is lacking and what companies can do to address the issue.
Don’t be Patient Zero
It’s not that employees are always aloof about security protocol—they just underestimate the importance of their personal involvement. The Ponemon report found that 49 percent of employees considered cybersecurity to be a shared responsibility. This view is troubling for many reasons:
- An attachment or link in a phishing email needs to infect only one endpoint for data to be breached or the network to be held hostage.
- All employees have personal devices, and unless there are network safeguards in place to prevent access, they can likely access them from home or the local coffee shop.
- Many SMBs do not have such safeguards in place.
The Workflow Conundrum
Heightening cybersecurity awareness across a company might sound as simple as sending memos and role-playing cyberattack scenarios. However, awareness by itself does nothing to change the psychology behind everyday behavior. The following factors cause employee negligence:
- Hectic schedules
- Workflows predicated on convenience
- Good old-fashioned habits (e.g., “Remind me later” when faced with security update prompts)
- Lack of company reinforcement
In turn, risky behavior occurs, such as:
- Reusing or creating easy-to-guess passwords.
- Failing to regularly update computer software.
- Falling for phishing attacks.
- Sending work documents to personal email and vice versa.
As Slate writes, “When people engage with fast technology they operate reactively. How many times have you mindlessly recycled an old password when signing up for a new website?”
Strengthening Company Awareness & Reinforcing Safe Online Behavior
When it comes to cybersecurity awareness, your company is only as strong as its riskiest employee. At a minimum, you should:
- Have everyone in the company—from the CEO to entry-level employees—routinely undergo phishing attack simulations.
- Implement password management software for all login accounts.
- Have an umbrella network security policy that includes employee-owned devices.
- Use a VPN if employees work remotely.
Businesses looking to improve cybersecurity awareness would do well to pair it with a cybersecurity policy.
The right policy can protect your company’s financial assets should your business suffer interruptions, reputational damage, hefty ransom demands, or other effects from cyberattacks.
So, how do you protect your company from the aftermath of cyberattacks? Cyber Policy offers cyber insurance to protect your business from cyberattacks and data breaches. Get a quote today.