Everyone wants their company to be in the news headlines. But sometimes it’s a bad thing when it happens.
High-profile cyber security failures over the past few years landed many companies in the headlines as the world found out how their IT systems had been brought down by viruses, ransomware, hackers and other cyber crime.
Businesses caught up in these events can have money stolen, intellectual property taken and confidential customer data compromised, and can be taken offline, unable to carry out their core business while dealing with the issue.
Unfortunately these high-profile cases we’ve all heard about aren’t the whole story – cyber crime costs businesses a staggering $400 billion annually in terms of the damage that is done during the attack, the cost of fixing the issue and the cost of repairing business reputation afterwards.
According to the Ponemon Institute the average cost for a small business when they have been hacked is around $690,000 and for companies at the middle of the market the price is well over $1 million.
The statistics are even more eye-watering than that: according to the US National Cyber Security Alliance, 60 per cent of small businesses that are victims of a cyber attack go out of business within six months.
Important steps to take include creating a business continuity and incident response plan, keeping your security software current, ensuring all your software is patched and up-to-date, protecting all devices that connect to the Internet from viruses and malware, using security software to scan all USBs and external devices that are connected to computers on your network, encrypting sensitive files and having clear policies and procedures in place.
The weakest link: people
All of these things will help you to safeguard against cyber crime. But these things don’t just occur in a vacuum. In order for them to be effective you need to focus on the biggest cause of cyber security incidents: your employees.
This can include things like clicking on suspicious links, opening attachments that contain viruses and malware, falling for phishing scams, paying fake invoices and other scams and hoaxes designed to gain access to systems.
Why you need to train your staff
In order to prevent your employees from compromising your security, you need to build a culture of IT security within your organization. This includes regular and ongoing training and education campaigns designed to keep IT security front-of-mind.
If your people don’t understand what the risks are and what role they can play, it’s only a matter of time before your company becomes part of the unfortunate statistics.
Keeping the conversation going around cyber security is essential – especially as threats evolve and hackers find new and improved ways to gain access to systems. You can’t just expect the average non-IT employee to keep up with trends in global IT security risk.
It sends pop-up notifications straight to the desktops of employees and appears in a way that can’t be ignored or missed – unlike emails.
Many companies use it to advise of issues like system outages, planned maintenance, warnings about cyber security issues that are emerging such as the spread of a new virus, and so on, taking pressure off the IT help desk.
DeskAlerts can also be used to send general reminders and education about cyber security to ensure ongoing awareness.
These questionnaires, like the pop-up alert messages, are also sent straight to employees’ desktops and you can see results in real time.
You can ask your employees questions about user behavior, present scenarios, ask employees what they think could have been the cause of a system malfunction, ask about security breaches and so on.
These surveys and questionnaires will give you a good way of pulse-checking where your people are at in terms of cyber security and you can analyze the results to determine which areas need more focus so you can provide more targeted training.
Here are some questions you can ask your employees (correct answer is in bold):
What do you do if a notification pops up on your screen while you are visiting a website letting you know you’ve won a new phone, computer or a lot of cash?
Ignore it and continue with the site
Click the pop up so you can claim your prize
Share the link with your friends and colleagues
Leave the site immediately and report the details to your system administrator
You receive an email from your company’s bank letting you know there is a problem with your account. It wants you to log in to correct the issue. Do you:
Click through to rectify the problem
Delete the email
Delete the email and call your bank?
What are common features of phishing emails?
Obvious spelling and grammar issues
Official logos of companies you know and trust
All of the above
What’s the best way to keep hackers from being able to compromise your password?
Write it down and keep it locked somewhere safe
Make it something that’s easy to remember
Use many characters including upper and lowercase letters, numbers and symbols
All of the above
Surfing the web on “incognito mode” keeps you safe from hackers, true or false?