As businesses are spending millions of dollars on technology and software to protect themselves from cyber-crimes, they may be missing a leading cause of cyber-crime by not investing their money in training their own employees.
Human error is the leading cause of cyber-crimes, according to BakerHostetler’s 2016 Data Security Incident Response Report. Some of the most prominent companies learned that all too well in the last calendar year, as costly mistakes by their employees left their business vulnerable to hacks.
Here are three cyber-security threats to be aware of in 2017 and beyond:
1. Train employees with gamification.
In addition to sending around a list of dos and don’ts on how to prevent cyber-attacks to employees, companies could get more creative when it comes to training their staff. Businesses should consider using gamification for training exercises to present real-life scenarios to employees.
One way to do this is by having “pretend” hackers try to obtain proprietary information from employees. If an office doesn’t properly react, it could serve as a great lesson for everyone. If they react correctly, they could win a prize. Every employee poses a risk, so training each individual is a critical element of cyber security.
2. Testing your response time.
Hackers are always going to be one step ahead due to the ever-changing cyber security landscape. In preparation, companies must have a cyber response plan in place and need to be ready to respond to multiple scenarios.
Employees need to understand how to identify risks and the appropriate individuals or departments where they should report findings. In addition, every employee should be taught best practices, like how to create stronger passwords or how to spot suspicious emails, so that they can use good judgement when online. If you suspect something, report it.
3. Protect your crown jewels.
The most important thing that a business can do is identify its “crown jewels,” which are the data assets that are most critical to the organization and its customers. Once the crown jewels have been identified, a company’s security team can establish targeted cyber security controls to ensure this data is secure and recoverable.
While doing this, companies should make sure to conduct a penetration test to find out if their most important assets are vulnerable to hackers. This approach will save time and money. It’s not practical or cost-effective to put the same level of protection on all data, so target the data that’s most important to the business.
BY: CHRISTOPHER ROACH at Property Casualty 360