With the threat of cyber-attacks on the rise, the introduction of the Mandatory Data Notification laws and the growing awareness of cyber security, you would think that people are getting better at identifying and preventing these attacks, right?
The State of Privacy and Security Awareness Report from security firm MediaPRO has found that employees actually performed worse this year than in 2017 across all eight threat vectors that were measured. Some of these include knowing how to spot a phishing email, identifying malware warning signs and general social media safety.
The report found that Finance sector employees performed the worst of all the industries measured, with 85% of finance workers showing some lack of cyber security and data privacy knowledge.
Also troubling is the fact that staff in management roles or above showed riskier behaviours than entry-level or mid-level employees: 77% of respondents in management showed a general lack of cyber security awareness, while 74% of those in lower-level positions scored the same.
These numbers should be particularly troubling for businesses, given the sharp rise and sophistication of cyber-crime and the requirements for business under the Mandatory Data Notification law.
“We live in an age where stories about cyber security are constantly swirling, which can actually create a sense of security fatigue, but these levels of riskiness are alarming. It only takes one person to click on the wrong email that lets in the malware that infiltrates your company’s data. Without everybody being more vigilant, people and company data will continue to be at risk.” – Tom Pendergast, Chief Security & Privacy Strategist at MediaPRO.
How can you improve these numbers?
Create a formal plan
A formal cyber security plan can be included in your overall IT or Technology Strategy. A formal, documented plan means that staff have a defined process to follow if an incident does arise.
Are your staff using outdated computers? Are all software patches up to date? Is new software compatible with your current hardware? These types of questions are addressed in technology or cyber security strategies, and answering them lets you see where the risks in your business lie.
As part of your formal plan, it’s worthwhile including a Disaster Recovery Plan in case the worst-case scenario does happen.
Train your staff
Users are the last line of defence in your business. It doesn’t matter how good your security software is or how much you spend on it: all it takes is one misplaced click on an email and your whole system can be compromised.
Staff should be trained to pick out red flags and the techniques that hackers use to encourage people to give up valuable information.
Phish your staff
This tip may sound counterintuitive, but there are real benefits to testing your staff with different social engineering techniques.
Regularly sending simulated phishing emails to employees reinforces their security training and keeps them on their toes with security top of mind.
Companies that have implemented white-hat phishing alongside training have seen a significant drop in staff clicking on phishing emails.
Cyber security is becoming more important for both clients and businesses, with clients expecting that their personal data is protected. Businesses now have a responsibility to make sure their clients’ information is protected and that reasonable steps are taken to ensure it never falls into the wrong hands.