Defending as a team

by Mark Rowe

The best defence starts with people, as many security breaches are attributed to an element of human error. At the cyber firm ThreatLocker, CTO Michael Jenkins discusses the importance of employee knowledge when it comes to cybersecurity.

Cybersecurity used to be something that was handled exclusively by IT departments. Business owners and their teams were too busy handling the day-to-day to worry about viruses or malware – and for many years, very few firms had any cyber defence strategy or training in place.

Things couldn’t be more different now. In an ever-evolving world of cyber threats, every staff member in every organisation is responsible. Companies can no longer rely solely on IT departments and antivirus to stay protected from potential breaches. Ironically, as tech has become more innovative, the role of people has become even more critical. It’s much easier for hackers to exploit human error than spend hours breaking down defence systems. Stanford University researchers found that 88 per cent of security breaches had an element of human error – and employees were reluctant to admit when they made a mistake.

So, everyone in a firm – from the board that implements the policies, to the HR department onboarding new employees, to the team overseeing password security – must take responsibility for cybersecurity. Anyone can potentially fall victim to a phishing scam, password leak, or fraudulent email – and all individuals need to be trained, vigilant, and engaged to protect the wider business. The small things make the difference; employees making careful, educated decisions is the cornerstone of any successful cyber policy.

How likely is a breach?

Becoming a cyberattack victim often seems entirely hypothetical – something that happens to other people but wouldn’t happen to you. According to the latest government survey, around a third of businesses (32pc) and a quarter of charities (24pc) have reported cybersecurity breaches in the last 12 months, with more larger companies admitting to a data breach.

Figures also put the average annual cost of cybercrime for businesses at approximately £15,300 per victim; at that level of expense, the likelihood of a total company shutdown is high. Cybersecurity is a company-wide issue that impacts everyone across every department and every element of operations. As such, it’s a collective responsibility – and should be a priority for all.

The rise of Internet of Things (IoT) and its risks

Employees within an organisation are typically connected to an internal network, so when one device is vulnerable to attack, all computers on the network can also be impacted.

Technologies like Internet of Things (IoT) devices have considerably increased the potential fallout of attacks. For example, the number of internet-connected devices in spaces such as hospitals is projected to exceed seven million by 2026, with more than 3,850 per facility. Should a breach occur in any one of these devices, network intruders have the potential to access information across the whole system and any device connected to it. Individuals within the company who are educated on cybersecurity best practices are less likely to cause cyberattacks related to IoT devices or engage in other activities that could result in data breaches, viruses, and other threats.

A solution that staff can easily get behind

Employees, business associates, or virtually anyone using a computer on your network can open the doors to potential security threats. The reverse is also true. Cutting-edge technology, paired with the awareness and education of employees, is essential to cybersecurity optimization. Educating users on everyday preventative measures is a great first step to limiting exposure and the threat of cyberattacks.

From connecting to public WiFi networks to leaving laptops unattended and unlocked, seemingly inconsequential actions can lead to devastating consequences. Using different passwords for different profiles isn’t just a reminder we see now and then but something that can play a massive role in protecting your organisation’s critical accounts. In addition, continually changing passwords is necessary; in particular, when an employee leaves a company, all shared network passwords should be switched.

Cybersecurity training for your team: What’s the ROI?

Think of cybersecurity awareness training as an investment: the ROI on training is substantial. It helps to protect your organisation against cyber threats and data breaches from the ground up and eliminates the risk of seemingly insignificant errors becoming enormous problems. The benefits of training, and the repercussions of a data breach, far outweigh the cost of training.

The consequences of not training your employees in cybersecurity can be severe and long-lasting. In addition to the financial and reputational damage that can immediately result from a data breach, the long-term effects can be just as devastating. Once a brand is associated with a data breach, earning back consumer and stakeholder trust is a long road, if that trust can ever be regained. Failure to train employees can also result in less productivity and increased stress for employees not equipped to handle the ever-evolving and complex nature of cyber threats. Employee confidence in best security practices is just as crucial to maintaining the overall company security as it is to each employee’s ability to do their job without hesitation.

Moreover, the rising number of regulations and penalties associated with protecting sensitive data means that neglecting to invest in employee training can lead to punitive financial losses that can bankrupt a company.

While high-tech, fortified digital measures can provide a fantastic data stronghold, they are only part of the solution to protecting the castle. A company’s technology or IT team can’t and shouldn’t be the only employees who are vigilant about your organisation’s security and assets. Cybersecurity is everyone’s responsibility.

Everyone, from the CEO to the intern, has a role to play in keeping sensitive information secure.

About the author

Michael Jenkins has ten years of experience in the IT industry working as a high-level engineer and go-to in ransomware recovery serving the SMB market. Michael has held positions in email security and managed security services, which led him to his current position as CTO of ThreatLocker.
