The majority of cyber attacks start with a phishing email; in fact, as of 2017, over 91% of attacks followed that trend. That’s an alarming percentage, but it also explains why a cyber criminal would choose that attack vector. The adversary is fully aware that the target has invested heavily in security solutions that will deter their attempts to compromise it, so they opt for a much easier route with a higher chance of success. The old saying ‘The human element is the weakest link in the security chain’ is still valid today.
Users are the first line of defence against cyber threats
Poor Cyber Hygiene
We always advise our kids to wash their hands before they eat, after using the washroom or after leaving the playground. These are simple but very effective and practical steps that keep them from getting sick and spreading germs. It’s not so different in the cyber domain. Employees who avoid clicking on suspicious links or downloading email attachments from unknown sources are playing their part in securing the organization. This also applies to senior staff and executives who frequently travel and have to access corporate email and other confidential data while in public places – airport lounges, hotels, restaurants, golf clubs, etc. Securing the corporate is everyone’s business and everyone should play their role.
Don’t tell them, show them
Cyber security awareness is not a teaching class. Providing definitions and warning staff of the consequences will not yield the results expected of an awareness session. Don’t just tell your staff there is a CEO scam going round; show them how the email is structured, let them appreciate how to detect one and, more importantly, how to respond when they receive one. Create simulations (phishing campaigns) to help staff grasp the concept, and they will act better when confronted with one in real life.
Don’t just check a compliance checkbox
The majority of corporates run awareness programs because they are required by a regulator. The purpose of awareness is reduced to just meeting compliance, forgetting the bigger picture of enlightening staff on cyber risks. Meeting a compliance requirement looks good at face value, but that doesn’t mean the corporate is secure. Awareness programs need to be run continuously and be gauged on whether they are positively influencing the cyber security posture of the organization. To capture the interest of staff members, let the learning process be fun and convenient to their schedule. One extra point to remember is that you are dealing with human beings with feelings, so throw in some awareness content that will help them at home and help their kids. The program will get more attention if staff realize they can personally benefit from the awareness sessions.
Participate in industry forums
Staff members need to participate in industry forums and meetups, as they get to appreciate industry issues. It’s not surprising for a non-technical forum to be discussing the challenges its members face in cyber security, given how entrenched technology is in almost everything. Insights from such forums enable staff to understand how their industries are responding to the issues, and they may carry back some knowledge which can be used at their workplaces. Every staff member should attend at least one forum (in person or online) so that they get to understand how other players in the vertical are addressing cyber security issues. Feedback from such forums can help the corporate improve its cyber security awareness programs.
Cyber crime will continue to cause havoc for the majority of organizations – both large and small. Global losses attributed to cyber crime keep skyrocketing, with predictions indicating that by 2019 cyber crime will lead to an annual global loss of more than $2.1 trillion. That’s alarming! The responsibility of securing the corporate can’t be left to a small team in the Cyber Sec department. It’s every employee’s responsibility to play their part in defending the organization from cyber threats.
2018 © Villbo Group Limited.