Did you know that according to Microsoft, around 20 per cent of small to medium sized businesses have been targeted by cyber criminals?
There’s big bucks to be made in cyber crime. Around $400 billion is estimated to be lost to cyber criminals globally each year.
Cyber criminals don’t discriminate: any business can be a target. Not only can they cost you an enormous amount of money, but you can also suffer intellectual property loss, reputational damage and leave you exposed to legal action. And in the worst circumstances, they can completely destroy your company and put you out of business.
Unfortunately it’s believed that around 59 per cent of cyber security breaches that take place in organizations happen because of actions taken by employees. This includes falling prey to phishing scams, opening unsafe email attachments, not keeping passwords safe, downloading malware, spreading viruses and so on.
Many of these situations are entirely avoidable and could be prevented by creating a culture of security awareness.
One of the best ways to do this is to teach and regularly reinforce messaging to your employees about the risks that can be posed to your company when security is lax, and what types of threats they should look out for.
Cyber security training should form part of every new employee’s onboarding education experience when they join your organization. Refreshers should also be offered because its easy to file information away and forget it.
Consider regularly sending hints, tips and reminders to staff about cyber threats and what to look for, for example via DeskAlerts pop-up notifications that can’t be missed or ignored.
You should also ensure that security is a company-wide focus that every employee is expected to have a role in protecting – from the very top down to the most junior employee.
In order to do this you may need to change your corporate culture, but it is important that your senior managers display leadership and “walk the walk” as well as “talk the talk”.
Managers should be careful not to say negative things about any added security measures that are in place, such as having to regularly change passwords. They should be leading by example.
An added benefit of having security conscious employees is that when you do have a security breach, it can generally be contained more quickly so less damage is done. This is because they’ll better understand what a security breach is and know how to report it. Overall you should experience less security breaches, and ideally you will have none at all.
Additionally, depending on where you are locate in the world, you may have legal requirements to have awareness training and preventative measures in place within your organization. There are some laws that require businesses to have formal information security awareness programs in place.