The weakest point of entry into your computer network is your all too human employees. The study found that 31% of cyber attacks start out from “unintended disclosures.” Usually what has happened is that an employee has read and responded to some sort of clever phishing email, and provided user credentials to the network. Another 24% were due to the loss of paper records, which can happen through dumpster-diving, or outright theft from an unlocked car or unattended desk.
The solution to this problem only comes through a thorough training program, and an established set of information security policies which define how information is stored, transmitted, and ultimately destroyed. From this beginning most small businesses can significantly reduce the number and severity of computer security incidences, from simply avoiding the cost of removing malware from infected systems, to larger issues such as securing financial, proprietary, and customer information.
This sort of training is available, and may offer a better ROI than investing in a bunch of security hardware devices. Remember, most firewalls will not block a request coming from inside the network perimeter, and in many cases will allow a response to that request, even it is directed to a cyber-criminal’s command and control server. Training, and regular retraining, is the best way to harden the human perimeter in your company.
CIT Cybersecurity can provide the security awareness training your employees need. We also can provide a wide variety of other computer training . Call us at 651 255-5773 for more information.
Topics can be customized for the client and can include:
- Email Use and security
- Proper care and handling of security credentials, such as passwords
- Safe use of Web Browsers and the Internet
- Social engineering
- Online banking security
- Security incident response
- Corporate security policies
- The organization’s security program
- Regulatory compliance requirements for the organization
- Acceptable computing resource use
- Business continuity and disaster recovery
- Risk assessment
- Data classification and personal or client information handling
- Personnel security, safety, and soundness
- Physical security
- Accidents, errors, or omissions