Recent cyber security statistics reveal a huge increase in hacked and breached data over the course of 2020. This could be due to technology trends, a side effect of the pandemic, the increased prowess of cyber hackers, and the vast amounts of unprotected data in the workplace. Although the root cause of the increase in security threats may be changing, the front line of the war against cyber crimes still lies under the watchful eyes of your employees. Training your employees to spot red flags of a cyber crime may very well be one of the best investments an organization can make outside of a top-notch IT department or IT Managed Services. Today we will be examining the types and frequency of training that should take place at your office, as well as a review of the most common threats that your employees may come in contact with on a daily basis.
Cyber Crimes Stats
According to a recent McAfee report, cybercrime will cost the global economy more than $1 trillion this year: $945 billion in monetary losses and $145 billion in cybersecurity spending. There is no doubt that 2020 was a record year for the number of records exposed in security breaches. So if you thought the pandemic would slow down these hackers, you are sadly mistaken. If anything, the coronavirus crisis has sparked a massive surge in cybercrime. From just February to March of 2020, malicious website domains exploiting the coronavirus crisis for phishing and malware attacks grew by 569%, according to Interpol. Data breaches have cost large corporations as well as small and medium-sized businesses heavily, both monetarily and in terms of reputation. This has forced businesses of all sizes to consider data protection seriously and implement robust cyber security defenses. Employees are an integral part of this defense. Before we look into the training protocols that may be necessary and what the main threats include, let’s take a moment to look at what the statistics are showing about cyber crimes, in case there is any doubt in your mind that your employees can identify red flags that could save your company revenue and reputation.
Data breaches exposed 36 billion records in the first half of 2020. (RiskBased)
95% of cybersecurity breaches are caused by human error. (Cybint)
45% of breaches featured hacking, 17% involved malware and 22% involved phishing. (Verizon)
88% of organizations worldwide experienced spear phishing attempts in 2019. (Proofpoint)
The average cost of a data breach is $3.86 million. (IBM)
Employee Training: How Much and When?
The coronavirus pandemic created a new cyber playground for hackers. As such, security protocols might need to change and further involve employees as a strong first line of defense. In response to these threats, many organizations are fortifying their security by training employees that handle data, access emails, and may spot issues before they become a problem. Our team at Spectra Networks suggests working with an experienced IT company that can help establish strict cyber security best practices, provide cyber security training to employees, and conduct continuous monitoring to build an effective defense strategy.
Make Training Mandatory
No one likes the term mandatory, especially when workplace meetings are concerned, but you wouldn’t teach only a few of your employees the emergency exits, would you? Everyone, from the front desk to your marketing team, needs to know about this threat. Be sure to include every member of your team in these training sessions. This may require multiple sessions to capture everyone at a time that is convenient for them without forcing your business to shut down during training.
Cyber Training as a Part of Onboarding
Include cyber security as a part of your onboarding process for new hires. While they are learning about company policies and gathering login credentials, an email address, and all the paperwork necessary to get started, take some time to review best practices for recognizing phishing scams, ransomware attacks, and other security breaches.
Practice Simulations & Examples
To improve your team’s readiness and give employees practice recognizing the red flags that could prevent a cyber attack, many organizations run simulations and show examples of what to look out for with regard to email scams, virus-laden attachments, and fraudulent websites. Practice sessions can help keep employees from becoming flustered and succumbing to the hijinks of hackers or scammers.
Practice Ongoing Review & Training
Cyber security training is most certainly not a “one and done” proposition. If ever there was a time to circle back to something in business, it is the idea of training for cyber security awareness. Regular and ongoing security training can help keep everyone in the loop about the latest tactics and techniques being used by malicious actors.
Top Threats Explained
There’s an army of criminals out there just waiting for the smallest vulnerability in your business security to infiltrate, grab data, and use it to their advantage. Small businesses are probably most at risk as they don’t have the budget or time to have a dedicated IT department or training sessions on the latest cyber threats. Here is just a short list of the top security threats that your front line employees may be able to help with given a little training and knowledge.
We have spent a lot of time talking in past blogs about phishing scams, how to avoid them, and what to do if you should fall victim. It makes sense that this is our top threat as 1-in-every-99 emails is a phishing attack. Given many of us get hundreds of emails weekly, it’s highly possible there is one sitting in your inbox right now. Since phishing scams are mostly initiated via emails, texts, or fraudulent websites, it's a good idea to teach your team members how to spot a scam before they are the next person who fills out the wrong form or clicks a malicious attachment. Some of the biggest red flags of a phishing scam include: emails asking for confidential information, forms that should be submitted, grammatical or spelling errors on email headings, and emails from questionable institutions.
A ransomware attack involves malware that is introduced into the system and denies access to stakeholders. The attack usually involves an ultimatum to pay up or forfeit ever being able to access your sensitive business information again. Obviously, the best way to prevent this from happening to your organization is to have a Disaster Recovery Plan and strong backup protocols. Beyond that, be sure to have the latest security software, updates, and patches on your devices, even the devices brought from home by employees. The way your team can help potentially mitigate this type of security disaster is to always click “yes” when the window prompts the question, “Do you want to install updates now?” Remind your team that those upgrades and updates include security patches and new software that can keep all of your devices safer than with the previous version.
Distributed Denial of Service (DDoS) is a type of cyber attack that works by flooding your system with requests, thereby preventing it from processing legitimate requests. If your system can’t process legitimate requests, your business will suffer. Your team members can be trained to recognize when this is happening to your system. Once it is recognized, team members can notify the IT department or your managed service provider to block the offending IP address, thus stopping the flood of requests. Your IT department may be able to add more bandwidth to handle high volumes, or they may modify their disaster plans to include this type of attack as a possibility in the future.
Now that the pandemic has many of us set up and working from the comfort of our own homes, there are a multitude of security issues that your team may need to be reminded or informed about. Remote work from your home could lead to security issues with your antivirus and malware protocols, as well as with how secure your home wireless system truly is. Remote working also leads to increased data-sharing through the internet, which can be risky as you are using your own device and/or your home wireless. Be sure to talk to your IT department about how you can optimize your security even when you are logging in from home.
While many companies allow team members to “bring your own devices” (especially since the outbreak began), most IT security experts believe that this is a highly risky activity. In order to ensure that the device is secure, check with your IT team about security software that may need to be installed and techniques you can use to maintain the highest level of security especially when it comes to eliminating the chances of data compromise and cyber threats.
A Final Word
As we get further into 2021, it is important to take a closer look at where your organization stands with regard to cyber threats and how your team members can become your front line of defense with a little training and guidance from your IT department. If everyone is vigilant and aware of the potential cyber threats lurking on the horizon, it will be that much easier to spot them once they come into focus.