As cyber criminals have become more sophisticated in their approach, technological measures are no longer enough to protect your business. In order to properly protect your data, it is important to implement processes and policies and ensure that your employees are cyber aware.
The 2018 Verizon Data Breach Investigations Report showed that 58% of cyber attack victims were small or medium businesses. Many SME organisations think that their data is of little value, but all data is valuable to cyber criminals.
Ensuring that your employees are empowered with the knowledge and necessary tools to protect your business is one of the best possible lines of defence and everyone has a role to play.
Part of the training should be to introduce employees to basic terminology and dispel any common misconceptions.
Some of these misconceptions include:
1. My data isn’t valuable
Cyber criminals use automated tools to exploit your system’s vulnerabilities and they’ll take anything they can get. This includes your personal information and generic company data. Yes, even that’s a valuable asset, since they can use it for further malicious actions. So even if you think that your personal or financial data is insignificant, a potential identity thief or IT criminal can still exploit the little information they’ve discovered about you. They can relate it to other information taken from multiple sources (e.g. social networks) and piece together a complete picture.
2. Cyber security is nothing to do with me, isn’t that why we have an IT department?
Cyber security can no longer be left to just the IT Department. With the rise in attacks such as phishing and vishing, everyone needs to be aware of what to look out for. Cyber security is best approached in a multi-dimensional way, combining employee training, policies and procedures and current technologies.
3. Cyber security requires a huge financial investment
Many efforts to improve the cyber security protection of your organisation are free of charge, or with a small fee. Of course, some more extensive measures require a higher investment, but many companies lack even the basics.
Where should you begin?
The creation and implementation of cyber security policies and procedures is a good place to start. These can then be used as the foundations of employee training and cyber awareness. Use internal resources, or seek a cyber security specialist, to put together a strategy that ensures your people, processes and technology are protecting your organisation Whilst there is no such thing as 100% secure, a multi-dimensional approach with overlapping layers provides you with the best chance of staying protected.