What’s the biggest threat to your company’s computer & network security?
It might surprise you to learn that almost 90 percent of cyber-attacks are caused by human error. An employee mistakenly clicking on a phishing email or leaving their laptop out in the open is far more likely than a criminal cyber-attack.
Once you understand the nature of the threat you’re dealing with, it’s much easier to address it. Here are some common issues that are easily avoidable:
Increased Threat of Phishing Emails
Phishing is the practice of sending an official-looking email in an attempt to get the recipient to enter sensitive information such as login credentials, credit card numbers or even Social Security numbers. The senders of these emails then use the information they’ve obtained to commit fraud.
These emails have come a long way in recent years. They now look very official, and even highly educated executives sometimes fall victim to them. In fact, several years ago, tech giants Facebook and Google were duped out of $100 million due to phishing scams!
You can expect to see even more phishing scams coming to light over the next months and years. They’ll continue to get more sophisticated and the cost of dealing with the fallout will grow. As of today, it’s estimated that a phishing scam can cost the average medium-sized business around $1.6 million per occurrence.
Other Common Cyber Security Errors
While phishing is a major concern, it’s not your only computer & network security issue. Many innocent employee behaviors can leave your company vulnerable and could lead to serious consequences. Some examples include:
- Leaving work computers unlocked and unattended
- Leaving notes, passwords and other sensitive documents out on your desk
- Working remotely on unsecured networks
- Failing to delete data from devices
- Failing to encrypt data before sending
Security breaches caused by employees who are purposely engaging in malicious behavior are rare. In most cases, they’re caused by a lack of knowledge or simple negligence. You can address this by making frequent and consistent cybersecurity training part of your internal practices.
The Value of Security Training
While firewalls, encryption and other security measures are critical for keeping your data safe, proper employee training is your number-one line of defense. The first step is to create a clearly defined written set of cybersecurity policies and rules and distribute it to all of your employees. The second is to institute a mandatory training program that occurs during onboarding and at least once per year thereafter.
Some of the topics that should be addressed during a training session include:
- Overview of threats (phishing, malware, etc.)
- Password best practices
- Safe internet habits
- Social media safety and security
- Device maintenance and security
- Preventative measures
Between training sessions, regularly test your employees and require a remedial class for anyone who fails. This will help keep the information at the forefront of their minds all year long.
Improve Your Company’s Computer & Network Security
The consequences of a security breach are serious and can devastate a small- to medium-sized business. Fortunately, most of the vulnerabilities are preventable. Network Security Associates can help implement systems and processes to bolster your computer and network security. Contact us at 702-547-9800 to schedule a network security assessment.