We spend a lot of money to secure our information. In fact, cybersecurity is one of the globe’s fastest-growing industries. According to Gartner, IT security spending will top $81.6 billion for 2016, an increase of 7.9 percent over 2015, and that market is expected to more than double in just three years.
It’s interesting then to note that the same businesses that are willing to pay big bucks to secure information are less likely to invest time and money to educate their employees on cybersecurity practices. In a recent survey conducted by Enterprise Management Associates, just 56 percent of employees reported receiving cybersecurity awareness and policy training.
"Organizations are increasingly focusing on detection and response, because taking a preventive approach has not been successful in blocking malicious attacks," said Elizabeth Kim, a senior research analyst at Gartner. "We strongly advise businesses to balance their spending to include both."
Employee training can help reduce the number of incidents and lower the chances of suffering from a data breach. It’s often easy information for employers to share and employees to learn.
- Password management – Proper password management is key to any cybersecurity program. The technical barriers to entry are only as good as the passwords that unlock them. Employees should be required to use passwords that are a certain length and contain upper- and lowercase letters and special characters. Consider two-factor authentication for sensitive information. This type of login requires not just knowledge of a password but also use of a phone or key fob.
- Portable devices – Mobile phones, tablets and laptops allow for greater employee flexibility and productivity and enable the freedom to work from anywhere. But employees should know the consequences of losing a device. The information contained on these devices must be secure. Employees should be wary of connecting via unsecured, free Wi-Fi.
- Phishing – Employees should be cautious. Instruct them not to click on emails that appear even remotely suspicious, such as those with strange subject lines or requests to click on odd links that might contain malware.
- Spear-phishing via social media – Employees should be instructed on the benefits of managing the privacy settings on their accounts to limit access to friends, family or people they know. A spear-phishing email uses specific information, often sourced via social media, to appear legitimate. Often needs or requests are couched as immediate. Employees should be trained to check with people offline before sending personal information or transferring money.
- Companywide effects – Employees should know that they’re all in this together. Data security is important to everyone, not just the IT department. Breaches of information can damage corporate reputations and bring about financial losses so severe that the entire company suffers.
- Categories of information – Most employees know it is important to safeguard data such as social security numbers or credit card information. But they might not know that it’s important to protect other personally identifiable data a company might collect and store as well.
Various research reports reveal more than two-thirds of data breaches can be attributed to human error. Companies would be wise to make 2017 a year they begin raising cybersecurity awareness for all employees, not just for the IT professionals among them.