You’ve no doubt seen at least one of several different versions of Microsoft’s recent cybercrime television commercials. In each you’ll hear a variation of these words: “Every day you read headlines about businesses being hacked and intellectual property being stolen. That is cybercrime, and it affects each and every one of us.” Behind those words are a lot of startling statistics that should give every business reason enough to pause and consider just how secure its information may be, and whether it should be doing more to protect it.
The 2016 Cyberthreat Defense Report for North America, Europe, Asia Pacific and Latin America surveyed 1,000 security practitioners and decision-makers in 10 different countries. Here are eight hard-hitting facts revealed in that report (source):
- 76% of responding companies were breached in 2015.
- 62% of them believe a successful attack is likely in 2016.
- 85% spend more than 5% of their entire IT budget on security.
- 86% are committed to evaluating new endpoint security solutions.
- 65% have seen an increase in mobile threats compared to the previous year.
- Malware and spear-phishing appear to be the most common forms of attack.
- The number of companies allowing BYOD is declining.
- The biggest obstacle to security is lack of awareness among employees.
I placed extra emphasis on factoid #8 because it’s really the most important one out of all of them, and the one companies should be focusing on over and above all others. In another survey of more than 700 IT security practitioners by Ponemon Institute, 78% of the respondents said that the biggest endpoint security threat to their organization was negligent or careless employees who do not follow security policies.
Some of the problems are surprisingly simple. You’d be surprised how often people leave work laptops or mobile devices out in the open outside of the workplace, unprotected and unencrypted. Using stronger passwords is another piece of low-hanging fruit in the orchard of cyber-security. But there are many more, and it’s up to each company to know them and educate their employees about them.
Companies can and must do more to make sure everyone in the organization has a good understanding of what they can do to protect company information. If you’re looking for a great place to start, eLeaP has an Information and Security Awareness course (ID: ITSC010). This certificate program is designed to introduce all the core elements of information protection based on international best business practices. Participants begin with a quick pre-course assessment to see what learners already know, giving them a concise overview of the course’s content. Learners go on to explore the top security-related issues facing all computer users, and what can be done to mitigate security risks. The following ten key areas are covered:
- Policies/Compliance: Your Responsibilities
- Internet: Avoid Communication Hazards
- Access Controls: Never Share with Others
- Human Resources: Working Remotely
- Asset Management: Protect Your Valuables
- Physical Security: Protect your Workplace
- Social Engineering: It’s All About the People
- Malicious Code: Think Before You Click
- Business Continuity: Staying in Business
- Incident Reporting: Call the Professionals
Only when all employees are thoroughly familiar with all the different ways they can inadvertently compromise company information can businesses begin to make headway in reducing the risk of the serious data breaches that cause headaches for everyone. The course concludes with a short post-assessment that, with an adequate score, awards learners a certificate of security awareness. Sign up now for a free preview of this course.