Cybersecurity is a vast and ever-expanding set of topics that at times may appear overwhelming in terms of how much you need to know and to what depth. But it is a mission-critical issue in every business, regardless of size.
Cyber security awareness is a combination of both knowing and doing something to protect a business’s information assets. When an enterprise’s employees are cyber security aware, it means they understand what cyber threats are, the potential impact a cyber-attack will have on their business and the steps required to reduce risk and prevent cyber-crime from infiltrating their online workspace.
Creating a culture around cyber security awareness in the workplace doesn’t mean that you’ll be completely eradicating the risk of data theft or cyber-crime to your business [1]. It is no longer a matter of putting strategies in place in case a cyber attack occurs; it is more a matter of acknowledging that it will inevitably occur. The trick is to be able to identify it, stop it and quickly remediate any damage to the business.
Phishing: The current focus of most security awareness training initiatives is on phishing [2], and with good reason. Phishing is responsible for the bulk of breaches. Users get hoodwinked into clicking on a malicious attachment or URL, and this inadvertently lets the bad guys in. Cyber criminals are very clever about how they achieve this, sending emails that appear to come from trusted vendors, government agencies, or even from email addresses within the company. They fashion subject lines designed to gain attention and tempt the reader to open them. It takes discipline to think before clicking on an urgent link from your CEO. Thus, the goal of training is to educate users so they are far less likely to fall prey to the various ploys from the hacking fraternity.
The tsunami of phishing attacks that threaten account compromise, data breaches and malware infection remains a critical threat. Ransomware is a second critical threat, with well-played ransomware attacks capable of bringing an organisation to a complete halt, and in some cases putting it out of business permanently. Consider this statistic: 73% of passwords are duplicated, so it’s no wonder that 81% of data breaches involve stolen or weak credentials, and 91% of phishing attacks target user credentials.
- Change passwords regularly and get a password manager: A password manager will take a load off your mind. Unless you have an above-average adult human brain (which, by the way, can store the equivalent of 2.5 million gigabytes of digital memory), you need it.
- Two-Factor and Multi-Factor Authentication (MFA) help reduce the risk of stolen passwords by requiring a second, or even a third, way to verify users’ identity before access to applications and systems is granted.
- Get a copy of the DRS Cybersecurity quick reference guide – hints and tips.
I think we can safely say the question of why cyber security awareness is important has been asked and answered. Partner with DRS and learn how we can assist you to enhance cyber security awareness within your organisation and reduce cyber breach threats.