Employees are a company’s greatest asset as well as its biggest security vulnerability. Whether by accident or intent, your company’s employees are the most common point of failure for allowing bad actors to gain access to your IT system. No amount of software patches or hardware upgrades will be able to protect against malware introduced through clicked links or downloaded attachments sent to employees who have not been trained to recognize, avoid and report suspicious communications.
More than half of all cyberattacks are directed at small and midsized businesses, costing an affected organization an average of $1.8 million. Those figures do not account for the 60 percent of companies that go out of business within six months of a successful cyberattack.
Businesses can protect themselves by conducting regular, interactive cybersecurity training for both employees and management. Training should include a discussion of the common cybersecurity threats and attacks currently taking place. It is also beneficial to explain your business’s security principles, policies, resources and expectations of employees. Finally, your company’s protocols for reporting possible cyberincidents, including breaches, need to be explained to your employees. The last thing that you as a business owner want is to have an employee not report a possible cyberbreach for fear of being admonished or disciplined. Cybersecurity training should be designed around the concept that everyone has a role to play in maintaining a cyber-secure work environment.
Regular cybersecurity training is one of the easiest things a business can do in order to protect itself from cyberattack. Oftentimes, cybersecurity training is mandated by insurance carriers that underwrite cyber insurance policies. With the proper behavioral changes, businesses can greatly reduce the likelihood that their company will experience a cyberbreach. It all starts with educating your employees and developing a culture of cybersecurity.
If you would like to learn more about how Lindabury can assist in educating and preparing your employees to identify and prevent attempted cyberattacks, contact us.
Topics covered in Lindabury’s cybersecurity training include:
- Common cybersecurity threats and attacks
- Information security principles, policies, resources and expectations of employees
- Applicable laws and regulations
- Information classification and safeguarding
- Personnel security and access management
- Acceptable use of IT resources, including internet, email, social media and remote access
- Mobile device protection
- Information security controls
- Cyberincident reporting and response
- Service provider risk management
- Customer/client data protection
- Risk and compliance management
Robert W. Anderson, Esq., is Cybersecurity & Data Privacy Group co-chair for Lindabury, McCormick, Estabrook & Cooper.