How many breach notifications have you received in the last five years? According to the latest data breach statistics, I would wager that you’ve received multiple notifications. Access any news site and it’s clear that cyber security breaches are rampant. In February 2015, Anthem announced a breach affecting 80 million patient and employee records. That same month, a multi-bank cyber-heist was discovered to have funneled more than $1 billion out of multiple banks. And possibly the most consequential of all: The U.S. Office of Personnel Management (OPM) revealed in June that a hack affected 22.5 million federal workers and 4.2 million other individuals. Among the stolen information were fingerprints and background checks on individuals with high security clearance (including the Director of the FBI). A foreign power is suspected.
It seems there is no light at the end of the tunnel for companies trying to protect their assets and sensitive data. These breaches are costly—in financial, personal, and national security terms. The White House has declared October National Cyber Security Awareness Month, stating “the cyber threat is one of the most serious economic and national security challenges we face as a nation.” Your company’s employees need to be aware of the dangers that lurk in the cyber world.
Hackers are getting more sophisticated with their attacks. Even large enterprises with security teams and monitoring systems are not able to stop breaches when a single employee clicking a phishing link can jeopardize the company’s sensitive information. Employees must understand how to safeguard data and protect company resources. Cyber security training should be a continuous effort and not just a checkbox. Think about your own employees: are they taught what not to click and what to watch out for? Humans are arguably the weakest link in the security chain and, therefore, the most important to address. Malware has become remarkably sophisticated and security tools are struggling to keep up with the massive amount of malware introduced daily into the cyber world. Educating the end user to spot phishing attacks or to recognize suspicious activity on their computer and report it quickly can mitigate the damage caused by an infection that could lead to a compromised computer or network.
Many standards and laws, including PCI DSS, SOX, HIPAA, and the Red Flag Rule, will require a security awareness program to be in place. To be compliant, you must train your employees on good cyber security practices. An appropriate course will help teach employees safe computing practices such as:
- Realizing that they are the target
- Understanding the role each employee plays in protecting sensitive information
- Detecting phishing attacks
- Handling sensitive data properly
- Reporting suspicious activity
- Using good password strategies
In the digital age, no company is completely safe from hackers with prying eyes. Companies must add cyber security awareness training to their security arsenal and ensure that all employees are properly trained on the risks and threats that exist in the cyber world.
Learn more about how UL is addressing Cyber Security and how to train your workers to help keep your company safe.