If you are not educating your employees on cybersecurity best practices, you are missing the biggest opportunity for improvement in your cybersecurity profile.
Employees have business-need access to a lot of important data, and their ability to protect that data – or to inadvertently let it walk out the door of your organization – is vital.
Lack of education was at the heart of a number of incidents of a major security breach. You probably heard about the new human resources employee who got an email from the president of the organization asking for tax information on every employee, so that person sent them exactly as instructed.
The employee did not recognize the email came from a hacker impersonating the CEO, and there was a major security breach.
Entire business models are based on this kind of fraud. Let’s pretend I am going to build a site with the world’s best collection of cute pet pictures. I’ll give you the first 10 for free (and those 10 are the most adorable pictures you have ever seen), but to see more, you need to set up a username and password. The access is still free, though.
No big deal, right? Wrong. In this scenario, I own this website and I am a criminal, and my business model is to try to use the username and password you just entered at every major banking website, on all major email providers, on your company’s VPN portal, and anywhere else that I think you might have used the same username and password.