Cyber security has become the defining issue of our times, and adjusting to the increasing risks requires mandatory employee training for everyone handling sensitive information.
32% of businesses have experienced a cyber attack in the past year. Businesses lost an estimated $388 billion from these attacks. Spending on recovery from viruses alone topped $55 billion. That number likely does not include the recent NotPetya attacks on Maersk, a shipping company responsible for one out of every seven containers shipped globally.
To mitigate these risks, businesses need more than just defenses against outside aggressors. 60% of all cyber attacks stem from actions taken by inside employees. A quarter of these — meaning 15% of all attacks — were the result of critical employee mistakes.
Protect your business from internal weaknesses with cyber security training and consulting. By teaching your team how to avoid common mistakes, your company can avoid untold losses and a permanent blemish on its reputation.
A huge percentage of employees lack basic knowledge about cyber security risks. According to a Google Survey from a few years ago, 25 million warnings were issued through Chrome browsers regarding unsafe sites or suspicious links, yet 70% of these warnings were ignored because people failed to fully understand the warning message. Employees must be taught the most basic cyber security information to prevent bad practices or risky activities from creating vulnerabilities.
For instance, many of the most damaging data breaches of the past decade were caused by one simple mistake: copying sensitive data in an unencrypted form to vulnerable hardware. An estimated 45% of healthcare data breaches occur this way. In 2012, the Cancer Care Group accidentally released the personally identifiable information (PII) of 55,000 people after a single laptop got stolen. Given the magnitude of the breach and their failure to protect PII, they were fined $750,000 for violating the Health Insurance Portability and Accountability Act (HIPAA).
Other employees fall victim to phishing scams, accidentally revealing login IDs and passwords to bad actors. Without training to recognize phishing techniques and follow through with the appropriate action, a single employee’s mistake can lead to an entire business’s network being compromised.
In order to educate employees on these basic cyber security principles, businesses must first take an inward look at the data they collect, the networked systems they use, and how both are accessed. They can then implement access control technologies to more clearly define roles and privileges within the system, locking employees out of any information non-vital to their jobs.
Employees can also be instructed to avoid risky practices. For instance, no employee should ever copy unencrypted data directly onto a device that can get stolen. All copied data should be encrypted and, ideally, accessed remotely through a secure portal rather than stored on portable physical media.
Policies like these can be created following a thorough audit with the help of a cyber security consultant in Connecticut. You can then implement a comprehensive training program to enforce policies while teaching employees to recognize threats. The training solution we recommend at U.S. Computer Connection even allows you to simulate phishing attacks in order to “drill” with your team and record their performance over time.
Look into employee cyber security training today to stop employees from compromising your systems, leaking sensitive customer data, and creating huge security gaps that cyber attackers can walk right through. In a world of increasing risks, your business cannot afford to wait for the next attack to be underway.