With 40 percent of all UK businesses suffering a cyber breach or attack in the past 12 months, it is vital that businesses do everything they can to protect themselves from cybercrime. Article by Dave Rogers, Security Specialist – Evaris.
Statistics from the Department for Digital, Culture, Media & Sport indicate that 43 percent of businesses in the UK have been hit by a breach or attack, with this number rising to 72 percent for large businesses. For the average large business, the financial cost of all attacks over the past 12 months was £9,260 with some costing significantly more.
The most common breaches or attacks are through fraudulent emails – and 92 percent of all malware is delivered by email, according to Verizon’s 2018 Breach Investigations report. This type of attack could include, for example, attempting to coax staff into revealing passwords or financial information or opening dangerous attachments. This means it’s vital that all employees are educated on the importance of data security.
Centrify identified that employees are a large security risk for a business: as much as they are a business’s greatest asset, they are also its greatest security risk. It is vital that the workforce understands data management, including data protection and disposal. Most businesses roll out annual training sessions and think that is sufficient, but it is not.
Organisations should be discussing cybersecurity with their employees from the moment they come through the door. From this point, create a plan on how best to communicate cybersecurity information to all employees to get all departments on board with training and best practices. This might include appointing a cybersecurity culture advocate in every department to form an extension beyond the IT team, or carrying out evaluations regularly to help you understand how bad or good your security posture may be.
Ensuring a business is safe from cybercrime is not just a matter of putting processes in place; cybercrime must be combated by every person in an organisation. If employees are not made conscious of the risks, all your hard work to protect your business could be made redundant by the simple click of a link in an email. Security awareness shouldn’t only be prioritised in the workplace. Employees are unlikely to put their own data at risk, and so should adopt this approach in their professional lives.