Playing defense against cybercriminals includes many different components. However, there is one that is considered to be the most important, which is the human component. The human layer refers to the activities that you and your employees perform. It is estimated that 95% of security incidences involved human error. Errors that could have easily been avoided had the training and knowledge been provided. One of the biggest risks a company can take is to assume their employees are educated on cybersecurity and care enough to follow the proper policies.
At a minimum, any company should:
- Participate in a password policy program, changing passwords every 30-60 days, or anytime an employee resigns or is terminated.
- Participate in cybersecurity training, held by the organization, at least every 6 months.
- Provide incentives to employees for security conscious behavior.
- Distribute sensitive information on a need to know basis.
- Require two or more individuals to sign off on any transfer of funds.
- Always watch for suspicious behavior due to cybercriminals.
There is not one person or department that should be exempt from the above recommendations. However, the training sessions for each department could look a little different. For example training the Accounting and the HR department would look a little different. Accounting staff may not need a deep dive into how to make job postings safe on LinkedIn, and the HR staff may not need all the details on EFTs. If you need assistance with cybersecurity training, our team is well-trained on delivering a successful and education program in under 2 hours!
In our recent blog post “Defending against cyber attacks”, we discuss how human error is the leading cause of breaches, but the technology that’s involved is also important. It’s not uncommon for organizations to think a simple antivirus program will keep them protected. But in today’s world, that’s far from reality. There are so many ways to get into a network that circumvent antivirus software. Hackers are creating viruses faster than antivirus programs can recognize them (about 100,000 new viruses are released daily).
In order to offer your organization protection, you must take the responsibility of updating your technology and training your employees. At The Purple Guys, we specialize in not only employee cybersecurity training, but we have a dedicated security team that can talk through your environment and technology to make sure you have the fullest potential of protecting your organization. Contact us today for more information!