642 million. That is the number of accounts known to have been compromised in the first half of 2016, including accounts on the social media websites LinkedIn, MySpace and Tumblr. According to Symantec, phishing attacks in 2015 increased by 55 percent. There are parts of the dark web dedicated to the sale of hacked passwords, credit cards and personal information. Like it or not, the bad guys are coming for your data. The problem is so widespread that there are websites dedicated to checking if your account has been compromised.
In the past, the corporate world has thought of security as an IT problem. However, with increased access to the internet, coupled with the multitude of personal devices brought into the workspace, cybersecurity is now everyone’s responsibility. The majority of all security breaches are a direct result of human error, not a lack of defense. Sharing passwords, opening “innocuous emails”, clicking on bad links – all contribute to holes in your cybersecurity armor.
Education is the way to prevent apathy & a lack of understanding of the problem. Explaining the impact of a security breach to employees in terms of lost man-hours, customer trust & revenue helps make the issue more than “just an IT problem”. Identifying the types of attack vectors will help your employees know what to look for and question suspicious websites, emails & social engineering activities.
The cost of cybercrime is real & palpable. A study by HP and the Ponemon Institute showed that cybercrime costs a company an average of $15.4 million. There are both direct and indirect costs: loss of intellectual property, lost opportunity costs & damage to reputation, not to mention the cost of recovery, such as securing vulnerable assets. In addition, legislation has been proposed which could impose penalties for not reporting a security breach involving sensitive personally identifiable information.
Limiting your company’s exposure to cyber-attacks starts from the ground up. First and foremost, as mentioned above: education, education, education. It is every employee’s responsibility to look out for and be skeptical of things that don’t pass the smell test. Periodic meetings discussing the different types of attacks, sharing relevant items in the news and having an open-door policy for reporting unusual activity will help employees identify possible threats.
Be open with your employees about attacks that happen: explain the how and what of the event and the steps taken to remedy the situation. In addition, communicate what will be done to prevent similar problems in the future.
Always invite feedback from your employees regarding security policies and clearly document steps for reporting an incident. It’s important not to discourage employees from raising concerns, even if they turn out to be false alarms.