Five years ago navigating the web was seen as an activity limited to free leisure time. Now it is an essential part of many professionals' daily working schedule, from emails to backups and an array of web applications. As we've seen from the news this past year, criminals are quickly following suit, using these platforms to their advantage.
With National Cyber Security Awareness Month in mind, we take a look at the importance of shared responsibility, and why we need to create a culture of cyber awareness. This means a shared understanding and concern for the rising threat of online attacks, and ensuring that users take action when they see something suspicious.
“While the speed at which technology and information move can expose us to new risks online, it also enables a level of sharing and cooperation that can make us more resilient to cyber threats.
National Cyber-security Awareness Month isn’t just about understanding the risks, but also emphasising our collective power to combat them.”
- FBI Cyber Division Assistant Director Matt Gorham.
Too often we see companies suffering huge data breaches and profit loss due to an internal user clicking on a malicious link or giving confidential data to a disguised attacker. Yes, it is each individual's personal responsibility to identify this suspicious activity and take action, but that can't be expected of staff without first educating them.
Cyber security awareness training is overlooked by the majority of companies, with most offering the bare minimum to comply with regulations, while still expecting their staff to act like experts. To keep up with the constantly evolving threats, it's vital that businesses offer their employees regular training.
Extra Security Policies
A big concern for many companies now is CEO fraud, or other forms of impersonation. These attacks usually target the finance department of an organisation, with the attacker imitating the CEO as best they can using information publicly available online.
Instances like these show the need for clear security procedures that give employees a full understanding of how they should act when they see something suspicious, so that over time these actions become ingrained as habit. An example of this in regards to money transfers could be a policy that all large transfers must be approved by more than one employee, or even require face-to-face approval rather than an email.
Safeguarding data is not a requirement limited only to organisations handling bank details or medical records. As we've seen this year with stricter GDPR, this is an issue that all individuals and businesses must take seriously. Even details that may not seem so 'confidential', like names and emails, can still cost a business dearly in legal fees and reputation, as well as leaving the affected user vulnerable to being contacted with more attempted attacks.
Organisations can make protecting their data much simpler with the use of encryption, regular backups, and again, proper security procedures and training. However, this responsibility doesn't stop once you've stepped outside the office. Going back to the example of CEO fraud, these imitation attacks rely heavily on how much information people share publicly online. That information lets criminals learn a target's professional contact details and title, their typical work hours, and even the employees they work most closely with, making the disguise all the more realistic.