Attacks Are On the Rise
The FBI reports that phishing attacks are up 1200% in the last 4 years (FBI Internet Crime Report) and, according to Cisco’s 2021 Cybersecurity threat trends report, 86% of organizations had at least 1 user try to connect to a phishing site.
Translation: Phishing attacks have drastically increased and people are often the targeted “weak link” for those attacks.
How do we best support our staff to defend against this?
Training and Education
While it is important to have a comprehensive and multi-layered approach to cyber security (check out our article on that here), the training and education of your staff is a crucial element in limiting vulnerabilities and preventing further access to your systems.
Since this involves the human element and company-wide training, it’s often necessary to involve your company’s human resources department for the compliance and implementation of cyber security protocols.
In their article titled “The Weakest Link in Cybersecurity”, SHRM, a Human Resource Management organization, notes, “Executives would do well to encourage more cooperation between the technology side of the house and the people side. ‘This is an area where there’s a huge opportunity for the CHRO (chief human resources officer) and the CISO (Chief Information Security Officer) to have a strong relationship,’ says Deloitte Global Security Leader, Emily Mossburg.”
The article continues, “First they can team up on training programs to increase security awareness. Second, the CISO can help HR strengthen practices, processes and systems to ensure the security of employee data in distributed work environments.”
Illustrating the importance of this rollout, a survey referenced in that same article notes that 88% of data breaches involved human error.
It isn’t enough to just tell your employees to be on the lookout for questionable links or subject lines. Even though there are some basic articles or publications you can share, they need training, and you’ll need the buy-in from HR to help make that happen.
If you’re like many other SMBs that don’t have the time or ability to develop those training programs due to being overwhelmed and understaffed, services like a vCISO from Diamond IT can help. The vCISO aids in creating those protocols and procedures and can work with your HR group to roll out a strategy to educate and train your staff on these cybersecurity threats.
The attempted attacks are going to keep coming, but you can empower your staff to know that they are the 1st line of defense against phishing attacks and that they need to be on the lookout to avoid and report those attacks so that your organization isn’t added to the statistics.
For more information on our vCISO offerings or for a security assessment of your organization, click here to connect with one of our professionals.