Does your organization have information? The obvious answer is “yes.” What many companies are quickly realizing is that having information—especially sensitive customer information—makes them a target. As daily headlines show, these attacks are not only growing, but have become more severe, putting customers at risk and ruining companies’ reputations.
What many often forget is that attackers are usually not targeting your organization’s technology. They’re targeting your employees through well-designed phishing emails that increasingly look like normal communication. The volume of these attacks is staggering—the RSA Anti-Fraud Command Center finds that there’s a new phishing attack every 30 seconds!
During this week of National Cybersecurity Awareness Month, with the focus on cybersecurity being a shared responsibility in the workplace, it’s important to reflect on our security postures, consider how we can better train and educate employees, and ensure security teams have the technology needed to detect and respond to in-progress attacks.
In considering that cybersecurity is a shared responsibility, there are steps everyone in the organization can take—from IT to employees to management—to ensure cyber readiness.
For IT: Ensure software is patched, data is encrypted and your environment is up-to-date with the latest protection. Major global cyberattacks like WannaCry and NotPetya underscore the need to keep systems updated and patched. This one step can help prevent the next attack and protect your organization’s reputation. It might also be time to evaluate your threat detection and response capabilities. Does your team have the skills needed and the right technology in place to ensure smaller security incidents don’t erupt into debilitating disasters?
For employees: When you’re on the front line, you’re the most likely target in a phishing scheme. That makes it critical to ask your organization’s CISO or CIO about available training and what steps to take if you do find yourself a victim.
As a rule of thumb: Beware of what you click! If it’s from a user you don’t know, or if the sender’s email is not one you’re familiar with, take caution and don’t open any links or attachments until you’ve consulted the IT team.
For management: Change happens at the top. Talk openly about the risks facing your business and what employees might face day-to-day. Inserting cybersecurity into the workplace lexicon makes staff more aware of the threats they may encounter.
Education and training programs are no longer just nice to have—they’re critical! Unfortunately, only 53% of organizations have programs in place to educate employees about security threats. However, the ROI on these types of programs is remarkable—more than 50% of InfoSec professionals say they can quantify the reduction in phishing susceptibility among users.
Once employees have been properly trained, it might be a good time to conduct an incident response drill to ensure employees understand what they should do and when, if an attack occurs.
In today’s growing threat landscape, cybersecurity risk won’t wait for you. Don’t wait to address risk or put off future IT planning. Take the time now to open lines of communication across your organization. As risk continues to grow, the only way to address this challenge is to understand that it’s a shared responsibility.
Stay up-to-date with RSA’s latest insight and perspective on National Cybersecurity Awareness Month by following @RSASecurity on Twitter or searching the hashtag “#CyberAware.”