By Bobby Garrett
Director of IT & Cybersecurity
Gray, Gray & Gray, LLP
When it comes to protecting your company’s information from cyberattack, you want to be sure you deploy robust detection and prevention methods, including firewalls, enhanced systems and network monitoring, secure networks, and powerful encryption. But to be truly effective, your defenses must start with the weakest point: your people.
To paraphrase a popular horror movie, “The call is coming from inside the house.” A study by London-based consulting firm Willis Towers Watson found that about 90 percent of cybersecurity breaches are due to human error or behavior, either employee negligence or malicious acts. The simple act of an employee unwittingly downloading a corrupted file could release malware into your network, causing untold disruption, damage and costs.
The only way to help prevent such unintentional – yet destructive – actions is by accentuating cyber literacy among your staff. Conducting training sessions that educate and advise employees on recognizing threats, using approved software, and applying strong passwords is the most important security investment you can make.
The need to educate employees on cybersecurity is magnified by the move to a remote working environment. Whether your company’s work-from-home arrangement is a temporary measure made necessary by social distancing during the COVID-19 pandemic, or a permanent initiative designed to create a more connected and streamlined workforce, the cyber threat associated with remote work is significantly higher than that posed in an office environment protected by defenses such as a shared firewall.
In conducting digital security workshops for companies to help raise the level of awareness of personal responsibility in preventing cyberattacks, phishing, and malware intrusion, we focus on three critical components of individual behavior:
- Recognizing Threats – Stressing heightened alertness through the Employee Security Awareness training system.
- Confirming Identities – Training employees to confirm the legitimacy of any request for information or data, and the need for reporting any potential scams to IT.
- Protecting Sensitive Information – Practical application of strong passwords and leveraging password management tools to secure files and protect sensitive data.
Training should not end with a single session. Regular updates on emerging cyber threats are necessary to ensure heightened awareness. Surprise tests that keep employees alert also contribute to maintaining that awareness.
Cyber literacy training has the added benefit of showing employees that they are appreciated and that you are meeting their professional development needs. Providing the tools necessary for mastering the rapidly developing technologies that they must deal with every day will also help with employee retention.
If you are interested in learning more about how cyber literacy training can help turn your workforce into a “cyber defense force,” please contact me at (781) 407-0300.
Gray, Gray & Gray has developed a 9-Point Cybersecurity Checklist for a Remote Workforce to help clients guard against cyber threats. If you are a client of the firm and would like to receive a copy, please contact your engagement partner.