Traditionally, cybersecurity, and everything related to it, has been almost totally relegated to IT departments and/or outsourced IT/security providers. Those technical teams worked tirelessly to secure company networks and data by combining a variety of measures, including firewalls, antivirus software, mobile device management, data loss prevention tactics, hardware and firmware updates, etc.
And, while that worked for a while, hackers wised up — social engineering opened network backdoors, BYOD made it hard to secure endpoints, new malware and encrypting ransomware sprang up everywhere, and even USB drives became suspect — and traditional cybersecurity measures are simply no longer enough.
IT alone can no longer guarantee cybersecurity and protect your network from all threats. Why? Hackers have gotten really good at exploiting your biggest and most numerous vulnerabilities: unsuspecting employees.
Read on to learn more about this shift, why it’s so important, its worldwide impact on businesses and governments, and what you can do to fight back and bolster your organization’s security.
Despite today’s constant stream of national news coverage about security threats and breaches, many businesses still focus their cybersecurity programs solely around IT protecting their infrastructure perimeter and device endpoints. After all, that’s what they’ve always done and it’s what industry best practices dictate, since that’s where cybercriminals traditionally first gained access to wreak havoc on a company’s digital access.
However, it’s also important to consider what happens when a threat bypasses perimeter defenses and targets an employee — in the form of a malicious email, text, phone call, or even a voicemail that might prompt an employee to respond with confidential company information. For example, these 3 common office supply scams rely heavily on data gathered through the phone, and cost businesses millions each year. Imagine how easily a hacker could not only leverage that for money, but also for access to critical confidential and proprietary business data.
There’s also the possibility of an offline attack from inside the office, where an employee or an office visitor might gain access to valuable data by quickly taking something carelessly left on a desk. For instance, check out these 10 messy desk mistakes that threaten data security.
As an owner of a messy desk myself, I recently realized how many potential vulnerabilities I was unintentionally creating. By making some small and easy changes to my work habits, I’m happy to say I’ve eliminated the opportunity for a potential cyber criminal to use me as an easy target. (Although I’ll admit that, while my desk, its contents, and my work habits are now secure, it may still appear to be a messy desk on most days…organized chaos breeds creativity, right?!)
Global and Local Impacts
According to a PricewaterhouseCoopers survey, in 2014, 69% of business executives expressed concern about cyber threats, including a lack of data security. In 2015, an updated survey increased that number to 86%. These numbers illustrate the increasingly urgent need for better cybersecurity.
The issue is not going away anytime soon. If anything, it’s only getting worse. In fact, stronger cybersecurity has become a global priority over the last few years, as hackers penetrate the IT infrastructure of government and enterprises with increasing frequency and sophistication.
According to a study conducted by the Identity Theft Resource Center, the total number of reported data breach incidents in the US grew from approximately 400 in 2011 to approximately 750 in 2015. This increase of over 60% doesn’t even include unreported (but no less important) breaches — a figure that is likely much higher.
When you add in the ever-growing Internet of Things (IoT) and the explosive prevalence of mobile devices and BYOD, the threat landscape and potential for data leaks are even more significant. In fact, data shows that, even in organizations that have proactively created policies to minimize the risks related to the bring-your-own-device culture that is so prevalent in today’s workforce, employees still may be the single biggest threat to BYOD security.
The Need to Educate Employees About Cybersecurity
All that being said, IT no longer has enough control to guarantee, or be held accountable for, all aspects of cybersecurity on its own. Moving forward, one of the biggest factors in securing any business network is educating all employees about best practices for security. Employees need to practice strict and secure cybersecurity habits — not only to thwart digital attacks, but also to prevent someone from simply walking by their desk (in the office or at home) and picking up a device or document that contains sensitive information.
I can’t stress enough the importance of security awareness training for internal employees. Educating them on what it takes to protect proprietary documents and data is critical. Any leaks — unintentional or intentional — could hurt the business in the form of information that assists a competitor, violates compliance regulations, or harms the corporate image. Leaks can also hurt employees from the standpoint of personal information that might be exposed.
Lastly, customers and business partners could be at risk, compromising the industry reputation of any business that does not properly protect confidential information. It only takes one incident to completely destroy any goodwill you established and built with your customer base.
Get started on the path toward better security today by downloading our free eBook, Cybersecurity Tips for Employees: The complete guide to secure behavior online and in the office. This eBook is packed full of security research, data-driven tips, and easy changes and best practices that any employee can implement to do their part for company security. In fact, we recently used this guide ourselves to educate Meridian employees and clients about cybersecurity. Don’t risk your organization’s security by assuming IT has it all covered — educate your employees today.