What does a five-person operation have in common with a Fortune 500 company? Their largest security vulnerability, and most critical defense, is their people. Because of the variety of cyber attacks that can be introduced through a link or download, including malware and ransomware, security services and software only go so far. People are truly the last line of defense.
Traditional thinking is that the IT department will fight security risks through patching, hardware upgrades and constant diligence. In-house IT or a third-party IT partner will take these tasks on, but keeping employees from other departments out of the process is like building half a fence. After all, a high percentage of breaches are going to go through those employees, especially through phishing attacks, which are growing more and more complex. These attacks are also growing in popularity; over 90% of data breaches happen through phishing.
This is where training can make a major impact. An annual employee guide is helpful and a good start, but threats now evolve in real time. To stay proactive against cyber attacks, there are some additional steps your organization can, and should, take:
- Send regular updates to personnel on new kinds of threats as soon as you learn of them.
- Create cyber security processes and include them as part of new and current employee training.
- Set up filters that warn employees about external emails and unsecured websites.
- Try a Phishing as a Service program that educates employees through real exercises.
These steps are easier suggested than done, however. Maybe your organization can implement one or two of these internally, but a technology partner can help craft and launch each initiative. A third-party IT partner can also test your software, hardware and personnel periodically to hone attack response tools and skills.