What is Cybersecurity Awareness and How does it affect my business?
Whether we are busy parents, professionals or retirees, we all take security seriously in some respects. How many of us leave our homes without closing or locking the door? How many of us leave our keys in the car when visiting a restaurant? I suspect the number of people who take such a relaxed approach to property security is quite low.
Cybersecurity is just as important, and possibly more so. A poor approach to cybersecurity can attract unwanted attention from the wrong people. Unfortunately, the breach or theft of information can affect more than you or your company. It can also have a devastating impact on your customers.
What exactly is Cybersecurity Awareness?
First, let’s start with “What is cybersecurity?” Wikipedia defines “Cybersecurity” as “The protection of computer systems from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.”
Cybersecurity Awareness is a combination of knowledge and actions that help keep you and your organization safe. As any cybersecurity professional knows, it’s much easier to trick a person than it is to trick a system. According to the May 2023 Cyber Security Intelligence Index, an astounding 52 percent of all security incidents involve human error. These errors range from weak passwords to BYOD policies to phishing. By strengthening the knowledge and behaviors of the individuals in your organization, you’re creating a more robust “system” overall.
How does cybersecurity affect my business?
In August 2021, T-Mobile suffered a data breach affecting potentially 37 million accounts. They have agreed to pay $350 million to settle a class action lawsuit. As USA Today writes: “A ‘bad actor’ stole personal information from approximately 37 million T-Mobile customers in a November data breach, the company said on Thursday.
In a filing with the U.S. Securities and Exchange Commission, T-Mobile said the hack was discovered on Jan. 5. The unidentified hacker (or hackers) obtained data starting around Nov. 25 through a single Application Programming Interface, the company said.
The malicious intruder accessed a “limited set of customer account data” – including names, addresses, emails, phone numbers and dates of birth.”
At one organization from a previous life (I will not identify the organization out of respect for the team members), we conducted a targeted phishing email campaign to evaluate our security awareness program. Fortunately, the majority of the target emails were ignored or deleted, and some were even reported. However, we had a few people who not only responded but were interested in the offer. We had one person who entered their network credentials no less than a dozen times to get the electronic media offered. Sadly, people can be enticed with a simple email, image file, Excel macros or music videos.
Ransomware has become quite popular with cybercriminals. The cybercriminal or criminal organization takes control of your system by encrypting (locking) it and demands payment, normally in cryptocurrency (Bitcoin), to provide the unlock key. When faced with such a challenge, there is no guarantee that the keys will be provided even if you pay the money. After all, cybercriminals are not the most honorable people or groups in the world.
How can I protect my business?
With so much potential for cybercrime, there are a few things that can be done to minimize the impact of a breach and possibly protect against user-initiated breaches. One of the most impactful defenses against security breaches such as ransomware is user education, or Cybersecurity Awareness. In many organizations, annual Cybersecurity Awareness training is required for each team member. This is a positive step in the battle against security breaches and data compromises. It’s much like creating a neighborhood watch organization for your company.
Each team member, employee or associate has a responsibility to the company to protect the assets of the organization. Protection starts with educating the masses about the threats and common breach types, such as unwanted spam email.
Making your team members and staff aware of potential threats through an organized Cybersecurity Awareness program greatly reduces the potential for compromise via email or web applications. The Cybersecurity Awareness program also provides the base-level knowledge needed to identify odd behavior earlier in the process if your organization is compromised.
If you have any questions about cyber security, feel free to reach out to the experts at SandStorm IT. We can be reached at 901-475-0275.