October 11, 2016 // Ellen Neveux // Last Updated: November 18, 2020
October is National Cyber Security Awareness Month (NCSAM). The U.S. Department of Homeland Security and the non-profit organization National Cyber Security Alliance (NCSA) established NCSAM to encourage awareness and defense against attacks. The aim is to “increase the resiliency of the Nation in the event of a cyber incident.” Each week, NCSAM focuses on a different theme. They break down in the following order:
Week 2 of NCSAM directly references measures we promote regularly on this blog as steps companies should take to limit data breach vulnerabilities. Here’s how the StaySafeOnline website describes this week’s part of the month-long program:
Week 2: Oct. 10-14
From the Break Room to the Boardroom: Creating a Culture of Cybersecurity in the Workplace
All organizations – from large and small businesses to healthcare providers, academic institutions, government agencies and civil society – can experience data breaches or be targets of cybercrime, which can result in stolen intellectual property, theft of personal information or – if our critical infrastructure is attacked – a disruption to our way of life. Week 2 will focus on creating a culture of cybersecurity in the workplace through efforts like employee education, training and awareness and by emphasizing risk management, resistance and resilience. Promoting an educated workforce and following best practices – with an emphasis on skill- and career-building for existing personnel and potential new entrants into the cybersecurity workforce – will also be highlighted.
The main points revolve around educating employees on cybersecurity best practices to avoid potential liabilities as part of a thorough risk management system. Where do you start when training employees to follow the safest cybersecurity guidelines? Being aware of these pain points could save you from big headaches down the line.
Passwords: Tell employees to create alphanumeric passwords with eight or more characters that contain at least one special character (like @ or !) and don’t use easily guessed information, like birthdays or names of family members or pets. If you think your employees obviously use these best practices when creating passwords, remember that the top two passwords from the last year were “123456” and “password,” according to a report by SplashData. Also, warn against the dangers of password sharing. A recent survey by the Cloud Security Alliance of 300 global professionals who work with companies that experienced data breaches found that compromised credentials caused 22 percent of the incidents. A shockingly high 65 percent of those same respondents said the possibility that their companies would suffer another breach because of compromised credentials is medium to high. Not only does sharing passwords greatly increase the risk of data breaches, but there are possible legal implications as well.
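The password rules above can be enforced at the point where a password is set rather than left to memory. The following is an added example, not code from the original post or from SecureLink: `check_password`, the deny-list (built only from the two passwords the post names) and the look-alike character folding are assumptions made for illustration.

```python
import re
from datetime import date

# Constructed deny-list: only the two passwords the post names; use a larger list in practice.
COMMON_PASSWORDS = {"123456", "password"}
# Assumption (not from the post): fold look-alike characters so "R3x" still matches "Rex".
LOOKALIKES = str.maketrans("@4301$5!", "aaeoissi")

def birthday_variants(d):
    """Digit strings a birthday is commonly typed as (MMDDYYYY, DDMM, YYYY, ...)."""
    mm, dd, yyyy = f"{d.month:02d}", f"{d.day:02d}", f"{d.year:04d}"
    yy = yyyy[2:]
    return {mm + dd + yyyy, dd + mm + yyyy, yyyy + mm + dd,
            mm + dd + yy, dd + mm + yy, mm + dd, dd + mm, yyyy}

def check_password(pw, names=(), birthdays=()):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Za-z]", pw) or not re.search(r"\d", pw):
        problems.append("not alphanumeric (needs letters and digits)")
    if not re.search(r"[^A-Za-z0-9\s]", pw):
        problems.append("no special character")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    # Names of the user, family members or pets, matched after folding look-alikes.
    folded = pw.lower().translate(LOOKALIKES)
    for name in names:
        if len(name) >= 3 and name.lower() in folded:
            problems.append(f"contains the name '{name}'")
    # Birthdays, matched on the digits alone so separators do not hide them.
    digits = re.sub(r"\D", "", pw)
    for d in birthdays:
        if any(v in digits for v in birthday_variants(d)):
            problems.append(f"contains the birthday {d.isoformat()}")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs: a pet named Rex and a birthday of 4 July 1985.
    for candidate in ("password", "R3x!0704", "tr4il-Mix&92river"):
        print(candidate, check_password(candidate, ["Rex"], [date(1985, 7, 4)]))
```

A password such as `R3x!0704` satisfies the length and character-class rules yet is still rejected, which is the case a composition-only check misses.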
Phishing: Your employees may not fall for Nigerian email scams (unlike a lot of others), but what percentage of them click on suspicious links in emails? Research performed by CynergisTek says as many as 74 percent fall victim to this type of phishing. What about people who provide credential information when prompted by an insecure source? That’s as high as 46 percent. CynergisTek researched the prevalence of phishing scams after one caused the data breach of Anthem Health Insurance, which saw up to 78.8 million compromised records.
Education: The most important measure to take in protecting your company’s digital assets might just be thorough, regular training for employees. A report by The Aberdeen Group shows that adjusting employee behaviors to reflect evolving security awareness through cybersecurity education can reduce the risk of data breaches by up to 60%. Keeping up to date with changing threats and holding training sessions to inform employees of the best practices to combat those threats is potentially the biggest safeguard against becoming a victim of cybercrime. Consider employee education on cybersecurity as the umbrella over enforced password security rules and phishing-scam awareness.
Military and game strategy often dictates that “the best defense is a good offense.” However, a good offensive strategy doesn’t exist to help companies avoid or stop cyber attacks. Instead, you need a good defense. That defense comes in the guise of vigilant risk management and proper employee education. So, remember, the best defense is a good defense.