I recently received one of those emails no one wants to find in their inbox. It was from Yahoo!, recommending that I change my password. Apparently, back in 2014, the info for 500 million users was hacked. (Nice of them to tell me now! Who knows how many exiled Nigerian princes and Russian mobsters have already used my information to subscribe to Netflix.)
Other than the fact that Yahoo! had so many users, there’s no surprise here. Everyone knows these sorts of hacks are inevitable. With the increased usage of the Cloud, the IoT and mobile devices, billions of new connections are formed every minute — it’s a target-rich environment for the bad guys.
And the situation is only getting worse. According to two recent reports, the Check Point 2016 Security Report and the SANS Institute's 2016 Threat Landscape Survey, malware is expanding at an unbelievable rate, with a ninefold increase in the amount of unknown malware hitting businesses. According to both studies, there were “nearly 12 million new malware variants discovered every month, with more new malware discovered in the past two years than the previous decade.”
Employees, naturally, continue to be the weak point for these attacks, particularly through the increased usage of mobile devices. Smartphones and tablets now account for 60 percent of digital media time and are an easy way into a company’s network. Unknowingly, employees are downloading new malware at the rate of one every four seconds.
If a large conglomerate like Yahoo! with all its security protocols and firewalls can be hacked, what’s a small business to do? Putting your head down and hoping you don’t get hacked is like the guy jumping off a 10-story building. As he is falling, people on each floor hear him saying, “So far, so good.”
The name of the game today is “SECURITY.” From the CEO on down to the mail room, every employee must understand that their job description includes electronic security. Below are four easy-to-implement tips for creating a cyber-secure workplace:
- Make cybersecurity training a regular occurrence; an annual review isn’t enough.
- Explain cyberattacks, including awareness of an attack and the procedures for reporting it.
- Encourage employees to speak up about cyber security issues; they can have important points of view that may be overlooked by security professionals.
- Regularly test every employee, including top-level executives. Do this in a way that is harmless and related to their training.
The damage from a cyberattack, and the remediation that follows, is expensive in terms of money. It’s even more expensive in loss of reputation. The best time to educate and train your employees about cybersecurity is now, before a breach occurs. Because just like the guy jumping off the 10-story building, it’s the sudden stop that will kill your organization.