Each year the National Cyber Security Alliance promotes Cybersecurity Awareness Month during the Month of October. It's estimated that over 90% of breaches occur as the result of user error, so developing a culture of cybersecurity in your organization is more important than ever. Each day in October we posted a Myth or a Tip on our social media, and as much as a month of increased awareness helps, Cybersecurity is really an ongoing effort.
It takes just ONE person in your organization to click on the wrong link or fall for the latest trick to do a lot of damage. All the technology protection in the world can't completely prevent the damage. If you're not educating your employees, how are they supposed to know? Does EVERYONE in your organization know what a Business Email Compromise scam is? Does EVERYONE in your organization know what typo-squatting is? Does EVERYONE in your organization know that small businesses are just as likely to be hit by cyber attacks as big businesses (that make the headlines)?
One of the most frequent comments we get is "My data, or the data I have access to isn't that valuable." This is a myth! At the surface, this really seems to make sense for a lot of smaller organizations. It may make a lot of sense why a hacker would hit a big business, but keep in mind it's not about how valuable the data is to the hacker, it's how valuable is the data to YOU? The vast majority of cyber threats are automated and non-targeted, and small businesses can wind up being the path of least resistance for criminals.
If you lost access to all your data in a ransomware attack either for a few weeks or permanently, what would that do to your business? The time to develop a plan is BEFORE anything happens, not in the heat of the most stressful days of your life after an incident. What would happen if you lost access to customer history or billing records? What if you lost access to your critical line of business applications and couldn't server your customers? What if the data got leaked?
The point of this discussion isn't to scare you, it's to make you AWARE so you can take appropriate action to help stay safe. There are many smart and affordable things a small business can do to help stay secure. About half of threats hit smaller businesses, so no one is under the radar.
The basic foundation of security is critical: Firewall, Antivirus, Security Patch Updates, etc. These are important for EVERY user on your network. What are your policies? Do you allow employees to work from home on a computer they share with their family? Can employees connect personal devices on your office network? Security doesn't have to break the budget, but it needs to be front and center.
One of the very simple things we advise is to take some time to talk about security during your staff meetings. We have the entire library of tips and myths available on line so even just discussing one topic a month will make a difference and build that culture of security. Check out our social media posts for October and please use these to start staff discussions. Follow us online to get more updates! (See the "Connect With Us" icons on the right side of the page).
Many security experts these days say that security STARTS and ENDS with the human factor. Sometimes people refer to this as the "Human Firewall". Talk to your team and make it a part of your culture.
Interested in more than just a DIY approach to training? Check out our training platform which includes weekly micro training, annual training, compliance documents, and more.