
Empower Employees for Stronger Cyber Resilience

By Staša 

People make mistakes. Act accordingly.

All organizations are composed of people, and people are not perfect. In fact, 85% of data breaches are caused by human error. To reduce the risk of cyber threats and defend your organisation against a variety of security risks and their consequences, consider cyber security awareness training.
It only takes one lapse in judgement to create a cyber security incident. Therefore, a more educated workforce will help reduce the risk of poorly judged email clicks and accidental breaches.

Training is most efficient if it covers all relevant topics:

  • accounts and passwords,
  • email,
  • web, social networks, and communication channels,
  • PC security and mobile devices,
  • protecting confidential data and
  • a phishing attack simulation

First line of defence: The power of a good password

Attackers can get your credentials (username and password) using highly creative approaches and many different methods. A phone call asking for a password, an e-mail request to change a password or account number, or a request for payment for a service that was never asked for: all of these are warning signs that something malicious might be happening. The response should be the same as when your car starts making suspicious noises: if you cannot find the cause yourself, it’s time to have an expert take a look and provide the necessary assistance.
Every company should have a strong password policy. Sticking with simple passwords consisting of one type of character dramatically increases anyone's exposure to a cyber-attack. According to the Microsoft Digital Defense Report 2022, the volume of password attacks has risen to an estimated 921 attacks every second! Raising employees' awareness of proper password use is therefore of crucial importance.

What are the basic password rules?

  • At least 12 mixed characters
  • Do not share or reveal your passwords to others
  • Be sure to change it on a regular basis
  • Use different and creative passwords
  • Use a password manager like LastPass or Dashlane
  • Enable Two-Factor Authentication

TIP: use long, complex passwords that are easy to remember. A password like ‘WhyIsMyDogSoS2pid?’ will prolong the time to crack it to 277 million years! *

Did you know that a password like ‘password’ can be cracked 431 times in the blink of an eye? But with a little creativity, you can generate complex, easy-to-remember passwords that will do the trick. For example, using ‘WhyIsMyDogSoS2pid?’ will prolong the time to crack your password to 277 million years!

The evolving phishing landscape

Do you know how much time it takes a phishing attacker to access your data if you fall victim to the attack? Only 72 minutes. Once a device is compromised, it takes the attacker on average only 100 minutes more to begin moving across your company. Considering that a shocking 710 million phishing emails are blocked per week by Microsoft Defender alone, you can see the magnitude of the threat that each individual poses for your organization. **

If you fall victim to a phishing attack, you can be out of business by lunch.

Since attackers use increasingly complex techniques, organizations must regularly update their strategy for implementing security solutions. Individual user accounts need strong access control to block malicious emails. Your organization’s security defenders must rely on strong email filtering capabilities, but this is only part of the solution. To increase the rate at which such emails are blocked from entering the environment, users have to be aware of cyber threats, actively engaged, and able to implement protective measures.

Tailor education to the audience

Keep in mind that some people may require substantial time to learn, and some will be able to write security code while they sleep. Allow the latter to become your cybersecurity advocates and to guide others towards the same goal.

According to a study from Stanford University, nearly half of employees admit they are quite certain they have made a mistake at work that had security repercussions for themselves or their company. A number that should have every employer off their chair, right? Among those who were certain that such a mistake had been made, half of the employees were 18-30 years old, and only 10% of those over the age of 51.
So, are older employees more reliable and responsible, and therefore more likely to act according to security measures?

Unfortunately, no. The research suggests that the underlying cause is that younger workers are more aware that a mistake has been made and are more willing to admit it. Older generations can simply be unaware that everyday activities such as connecting a personal device to the network, checking personal email on a work computer, or clicking on and just closing a suspicious email can increase the likelihood of a successful cyberattack. Additionally, respect and self-presentation in the workplace may be more important to them than to the younger generation, since admitting a mistake may be perceived as shameful.

Encourage a strong cybersecurity culture

A strong security culture interacts with day-to-day procedures, so employees need a framework to understand what the right thing is for security. A sustainable security culture requires that everyone in the organization is included, not only the security department, as many companies believe. Every organization already has some kind of security culture, but it should constantly evolve with time and with new cybersecurity threats.

Keep in mind your employees want to do the right thing — they just need to be taught.

With proper training and guidance as part of a consistent, ongoing process of raising digital culture in the organization, the employees will be able to make the right decisions when they encounter a social engineering attempt. Employees should be encouraged to foster a sense of shared responsibility for the organization’s security, sharing their experiences, cybersecurity knowledge, and insights with colleagues. In general, your employees want to do the right thing—they just need to be taught.

The goal of cyber security awareness for employees is to create an environment where people feel empowered to be active participants in their own security rather than helpless victims of cybercrime.

We can offer tailored courses that engage your employees, system security checks to determine possible vulnerabilities, and more! If you need more information, please contact us and we will gladly respond.

Sources

* Calculation was performed using the web tool https://www.passwordmonster.com/
** Data source: Microsoft Digital Defense Report 2022; https://www.microsoft.com/en-us/security/business/microsoft-digital-defense-report-2022

