How Are You Celebrating National Security Awareness Month?
This October is the 15th annual National Cybersecurity Awareness Month (NCSAM), an initiative to raise awareness about the importance of cybersecurity that grows stronger by the year in significance and scope. Breaches and malware attacks are getting more frequent, and they don’t discriminate against industry. A cross-section of companies from government, healthcare, finance and retail to nonprofits, car-sharing, and even the Port of San Diego have faced ransomware attacks. But it’s not just large companies that are at increasing risk of data loss.
“We got hit with ransomware and the affected files were uploaded to Google Drive via the sync tool. It was only then we realized the importance of G Suite backup,” explains Jesse Nowlin, IT manager, Westland Real Estate Group and a Spanning Backup for G Suite customer.
In fact, 54% of companies have had their data and/or IT infrastructure compromised and 77% of those attacks utilized exploits or fileless techniques. Whether data loss is due to system or human error, cybersecurity is truly a shared responsibility. The best protection is a strong offence and defense to collaboratively work towards securing our data.
This year, NCSAM’s theme — “Cybersecurity is our shared responsibility” — acknowledges the need for collaboration with four key messages:
- Strengthen the nation’s cybersecurity ecosystem
- Cybersecurity is a cross-cutting, cross-sector challenge, so we must tackle it together
- Increase and strengthen the cybersecurity workforce across all sectors
- Secure critical infrastructure from cyber threats
This week’s highlight — “It’s Everyone’s Job to Ensure Online Safety at Work” — is something we know quite a lot about. In our recent survey, “Trends in U.S. Worker Cyber Risk-Aversion and Threat Preparedness,” we found that, while basic cybersecurity practices are observed, politeness often gets the better hand of security.
The good news is that 8 in 10 workers reported that they never share passwords over text or email and that they use a mix of letters, numbers and symbols in their passwords. Another positive finding showed that 87 percent of respondents are uncomfortable clicking on short URLs, such as bit.ly links, which can be an effective tool for hackers to gain entry. However, when asked if they would allow a colleague to use their work computer to complete a task, almost half of all respondents said they would. Amongst those with administrative access, only 35 percent said they would refuse to allow a colleague to access their device. While letting a work friend use your computer might not seem like a risky move, research has found that insider threats account for nearly 75% of security breach incidents.
There’s still a ways to go.
Treat, Don’t Trick
Organizations need to change employee behavior, and that starts at the top. Instead of “tricking” employees into making mistakes, like sending company-wide emails and tracking clicks on potentially risky links, I believe offering “treats” will help change the company culture so that your employees don’t fear cybersecurity, and instead feel proud that they are doing their jobs in a secure way.
One way to do that is to offer praise or rewards for doing the right thing – instead of only calling out the mistakes or shaming employees. Be open and transparent about when training is occurring so they understand what it is before you try to phish or bait them.
Collaborating to Stay Safe
At the organizational level, cybersecurity is increasingly a critical shared responsibility both in terms of customer expectations and by regulatory standards. Make cybersecurity a year-long affair to ensure that your employees are empowered to make the right choices.
And if you do suffer a data loss, remember that backup is one thing. restore is everything. Spanning Backup solutions provide peace of mind, knowing that you can quickly and easily restore your data exactly the way it was at any point in time should a data loss event strike. Preparedness and collaboration – not fear and panic – is the best way to protect your organization from breaches and data loss.
Here are some additional blogs and resources you may find useful:
- NCSAM’s toolkit to stay cyber-secure at the personal and organizational levels
- Trends in U.S. Worker Cyber Risk-Aversion and Threat Preparedness
- 5 Steps to Take Now to Reduce Data Loss Risk When Employees Leave
- Building Cybersecurity: Understanding What’s at Risk