The #human #element of #cybersecurity

Understanding cybersecurity is essential in this age of constant connection and data sharing, yet most people don’t seem to be aware of the risks associated with sharing information online. I’ve found that people don’t know what’s safe and what’s not, and they often don’t realize the information they provide to one group may also be going to several other groups.

What’s important to discuss is how all systems in an organization share data. An everyday example of this is when people provide their information for a grocery store discount card. That information is then shared with food manufacturers so they can better understand what products people are purchasing. It’s the same when people share their email addresses with online retailers; all the data is interconnected.

In one of the biggest breaches of consumer information to-date, Equifax announced that over 143 million people had their private information stolen, causing those affected to be increasingly vulnerable to identity theft. The information compromised includes social security numbers, driver’s licenses and credit card information. Similarly, Target experienced a devastating security breach in 2013. Hackers discovered the weaknesses in Target’s system and installed malware to capture private data.

These examples illustrate how not even large companies with robust cybersecurity teams are safe and when a system is breached, businesses are impacted because of the private consumer data present in the system. If one of your employees has their identity stolen, they will spend much of their time and focus dealing with the disasters that arise, leading to a big decrease in their productivity.

While it might be simple to believe that it just won’t happen, neglecting to address cybersecurity within your own business similarly increases the vulnerability of your employees. Companies must protect personally identifiable information (PII) because your employees are a key functioning part of your business. Because the world has become so connected, the line between personal and company security is blurred to the point where it essentially no longer exists.

As enterprises become increasingly connected, they must address the vulnerabilities that accompany the resulting more complex systems. Compromised information is often the result of our failure to think through and implement the correct approach when building the systems that make up our companies.

Software and the systems it resides on is now so complex that it is often difficult to address every conceivable flaw in the system, which means it is often only a matter of time before some clever hacker finds a way in. Even with a team of talented cybersecurity professionals, the odds of safety are increased, but not guaranteed. This means that cybersecurity can likely be a full-time task for one or many which puts smaller companies even more at risk because small businesses can’t hire a division to constantly be working on IT and cybersecurity.

IT employees often find themselves spending much of their time in training, as new methods continue to be developed to address the changing infrastructure options and threats to those systems. Total security of your team’s information is an important goal but likely is unreachable. It is in companies’ interest to take at least partial responsibility for helping your employees understand the risks associated with being connected and how to mitigate the problems should the risk be realized. One way for you to help mitigate these risks is to provide a service like LifeLock protection in your employee benefits packages.

Cybersecurity is essentially an arms race to try to shield the potential threats that keep evolving and emerging. In our connected world, it’s now impossible to separate personal and company security. Despite the impracticality of total protection, it is important to strive to address the threats. And there are some things all businesses can do to improve cybersecurity. These include regularly backing up information, setting up notifications for company security breaches using reputable web browsers, and most importantly, educate your employees about the basics of cybersecurity protection!