Why employee negligence is the main factor in data breaches
Cybersecurity is big business these days. Last year, cybercriminals exposed 2.8 billion consumer data records in 342 breaches, costing U.S. organizations more than $650 billion. Attacks on the nation’s financial services industry cost more than $6.2 billion in the first quarter of 2019 alone, up from just $8 million in the same period last year. In 2018, personally identifiable information, such as date of birth and/or Social Security Numbers, accounted for 97% of data breaches, and healthcare was the most affected sector, falling victim to almost half of all breaches. While investments in information security products and services have been steadily rising, with $114 billion invested last year alone, the cybercriminals aren’t slowing down. They are attacking organizations across a wide range of industries as they continue their nefarious mission of stealing valuable consumer data.
Sadly, employee negligence is the main factor in data breaches. A new state-of-the-industry report found that 47% of business leaders admitted that human error, such as the accidental loss of a device or a document, had caused a data breach at their organization. Today more than ever, remote employees and your data are basically everywhere. In most cases, remote employees have access to files from the comfort of their own home and can download documents to their phones. A report from the Ponemon Institute also determined that in 2017, data breaches cost companies an average of $3.6 million. That kind of money is enough to severely cripple or even wipe out smaller businesses.
Figures like these illustrate why it’s so important for businesses to adopt a proactive stance when it comes to cybersecurity, putting policies and training in place to educate employees on cybersecurity, and implementing best practices for keeping the data of the companies, their employees, vendors, and customers safe. Many companies are now partnering with firms such as Surprise, AZ-based Kobargo Technology Partners to educate their employees on the ins and outs of recognizing phishing attacks and other harmful exploits.
These companies have come to realize the importance of making cybersecurity a part of their corporate culture even for remote employees by getting control over their remote devices, such as laptops, tablets and phones. This can easily be achieved by using a mobile device management solution. Along with creating an offboarding process for employees that includes wiping data from personal phones and collecting company devices. This not only protects the company and employees, but also helps employees understand and incorporate best practices at home to protect their own personal identifiable information.
Cybersecurity Awareness Training is key to a security strategy for any business. But just because someone is aware doesn’t mean they actually care. So how can you implement a strategy that works with, rather than against, human nature? Here’s the great news. Creating a security awareness strategy that not only educates but reinforces good behaviors can be achieved and it’s as simple as leveraging social dynamics to drive behavior that reshape the company’s culture.
You must train your employee’s to be more aware of the risks associated with clicking links in unknown emails. Research shows that 91% of successful data breaches started with a spear-phishing attack. We have come to realize that simulated phishing tests are also desperately needed as an additional security layer. Phishing your own users is just as important as having antivirus on each PC and a network firewall.
Your employees are your first line of defense against malicious attacks so make sure they are armed with the knowledge to be a human firewall.
Kobargo’s Cybersecurity awareness training program is delivered online in short, engaging videos that will not impact user productivity. To ensure that users are getting the most out of the training, Kobargo’s cybersecurity team creates and sends simulated phishing emails to continually test users’ ability to spot and report a phishing attempt.
There is no question about whether a data breach will occur, it’s a matter of when. Start with teaching your employees about what makes you vulnerable and then implement a strategy that works best for you.
To learn more about Kobargo Technology Partners and their Security Awareness Training, log onto Kobargo.com.
Yuval Goren has been an IT Consultant and Network Engineer since the early days of IBM 390 mainframes, coax terminals, Novell Netware 2.x and Lotus Notes 3.0. He has over 20 years of experience in systems integration, project management and the design, deployment and management of local and wide area networks, network infrastructure, as well as virtual and onsite servers. Passionate about technology and its possibilities, Goren provides innovative services that help other businesses harness the power of technology to improve profitability and operational performance.