Cyber-crime is a really big problem now! But an even bigger problem is that many companies just don’t know it yet, nor do they understand the likelihood of a cyber breach occurring and its financial impact. And in the fight against cyber-crime, your staff are literally your biggest asset because they are also the hackers’ biggest target!
So why is cyber-crime so bad now? It’s because an entire worldwide industry has been built around hacking, with the sole purpose of stealing information and money, and most people on the planet are a potential target. We’re not talking about 12-year-olds sitting behind a computer trying to get bragging rights anymore; those days are long gone. We’re now talking about things like organised crime, renting hacking software out to people with no technical skills, and essentially a never-ending supply of hackers trying to scam you for whatever they can, in increasingly ingenious ways.
They have constantly adapted to find the weaknesses and target them, so they’re generally not wasting time trying to crack into your company’s IT systems through your security hardware and software. They now take the easy way out and target staff by doing things like:
And the big-ticket item here is tricking staff with emails because it can be done in mass volumes, it’s cheap, quick, and successful. Accordingly, up to 85% of cyber security breaches are initiated via staff clicking on something they shouldn’t!
Scary stuff for sure, and frankly if you don’t do something about it you become the soft target. Think of the house on the street with the security doors, window screens and burglar alarm. Too hard… move on. But the easy target gets burgled, and then it gets burgled again in another month. Hacking is the same – once they’re in, there’s a good chance you won’t even know and they’ll keep stealing your information and using it to their advantage. Your customers’ data can be leaked, your files can all be encrypted on a certain date, and suddenly you have no business and you probably have to report the breach to the Office of the Australian Information Commissioner and your customers (via the mandatory data breach notification scheme).
Then the pain really starts because you incur costs due to:
Lost information and the above costs are exactly why 60% of companies that suffer a major cyber security breach are out of business in 6 months or less. Yes, that’s a very confronting statistic!
Something I like to relate cyber security awareness to is riding my motorbike. It’s a risky proposition, and to ward off the complacency I sometimes watch motorbike crashes on YouTube. Weird as that may sound, I do it to remind myself of the dangers, how to spot them, and how to deal with them. I then implement what I have learnt.
And consider how you train your staff. This is not a compliance exercise where you want to tick a box – you want your staff to be fully engaged and learning so that they retain the knowledge and implement it.
So, if you’re going to use an online course, make sure it’s interesting enough that people don’t go into autopilot, or multi-task. If you’re going to use an onsite trainer to maximise engagement, make sure they are fun and knowledgeable! Why do I mention fun / interesting? Let’s face it, cyber security is not everyone’s cup of tea, so it’s incredibly important to ensure your staff are fully immersed in the training!
It’s no longer a matter of “if” a breach will happen, but “how often” and “how bad”. Be proactive and use your staff to greatly reduce the probability of a cyber breach, and the impact it will have on your company and your customers.
About the Author:
Mike Ouwerkerk is an onsite face-to-face trainer for cyber security awareness, predominately in South East Queensland, but also interstate. He can be booked through the Go1 Training Assist program.