Does your company have an awareness campaign about cybersecurity? Do you and your fellow employees know what to do if you receive a suspicious email, phone call or letter? Does your employer have an automatic notice on all external emails (messages that don’t originate from within the company)?

If you answered “No” to any of the above, you need to have a conversation with your manager, IT Director, CEO, board, etc. Please do not go another day without coaching your employees on the basics of cybersecurity and what they can do to help prevent your company from becoming the next victim.

Consider these two astonishing facts:

  1. 50% of security incidents were stolen user credentials during the last 12 Months. That’s usernames and passwords, folks.
    Source: https://www.helpnetsecurity.com/2018/09/13/phished-credentials/
  2. 90% of email attacks are malware-less. The majority of attacks are emails that do NOT contain a virus. In other words, emails are going through employees, who are doing what the criminals want.
    Source: https://www.helpnetsecurity.com/2018/09/14/malware-less-email-attacks/

 Benefits of a Cybersecurity Awareness Campaign

  • Most awareness campaign items are free or very low cost
  • Employees will know what to do with suspicious items
  • Employees will realize a threat is bigger than a simple virus or email
  • Monetary losses can be stopped before they happen, rather than you trying to recoup the money afterwards
  • Brand reputation is increased with lower risks of a data breach
  • Insurance rates can be lower with threat reduction
  • Compliance with regulatory firms is increased
  • Information is kept secure
  • Employees will have a proactive culture

How Do I Get Cyber-aware?

  1. Check out these great FREE resources from CyberSecure My Business
  2. Consider purchasing an Awareness Campaign System such as the two below. Both of these are incredibly great services that allow automated emails to be sent to employees for testing purposes. Both services also contain awareness materials to help educate your staff.
    KnowBe4 – https://www.knowbe4.com/
    Wombat – https://www.wombatsecurity.com/
  3. Consider doing a disaster recovery tabletop exercise. This is NOT an actual attack on your systems but simply a meeting of key employees discussing what they would do if your systems were hacked.
  4. Finally, if you do nothing else, talk about cybersecurity at your next meeting.

Have another thought, tip or suggestion? Leave it in the comments below. I would love to hear from you!

October is National Cybersecurity Awareness Month!  Each week this month I’m bringing you a new article focused on that week’s specific cybersecurity theme. Let’s raise cyber awareness and stop cybercrime!

 

 

Posted by Elvis Huff

Elvis Huff worked as an officer and network administrator for 12 years with the Lebanon Police Department and has also served as an adjunct professor in information systems at Cumberland University. Read More »

Leave a reply

Your email address will not be published. Required fields are marked *