When it comes to cyber security, especially phishing and spear phishing, what you don't know (or choose to ignore) can hurt you and your organization. The total annual cost of phishing for the average-sized organization is estimated to be $3.77 million, most of which is due to the loss of employee productivity. The costs associated with intellectual property theft are considerably higher: $538 billion a year.
Nobody Is Immune:
- Five out of every six large companies (2,500+ employees) were targeted with spear-phishing attacks in 2014, a 40% increase over the previous year
- Small- and medium-sized businesses saw an uptick too, with attacks increasing 26% and 30%, respectively
- Non-targeted attacks, which make up the majority of malware, increased by 26%
- More than 317 million new pieces of malware were created last year, meaning nearly one million new threats were released daily
The bad news is that fewer than 20% of IT leaders are confident their colleagues have been sufficiently schooled to avoid being “caught” in a phishing attack. That's with good reason: 55% of all security attacks in 2014 were carried out by either malicious insiders or inadvertent actors, and over 95% of breaches caused by insiders are the result of human error.
The good news is that these and other attacks can be mitigated with employee awareness and bolstered with the appropriate training, procedures, and policies. Here are six of the top tips for better securing your workplace:
Tip #1: Security! Security! Security!
Start with a security program that is clear and concise, with policies and procedures that are communicated to employees, partners, and everybody else with access to corporate information. Revise your policies and procedures on an ongoing basis, because the threat environment is constantly changing.
Tip #2: Train and Test
Employees need to be trained on the organization’s security policies and procedures, and they should be tested on a regular basis to ensure that their knowledge is up-to-date.
Tip #3: Password Management
Developing good password management skills is critical in today’s connected world, both at work and at home.
Tip #4: Patches (and Updates)
Security is a moving target, with new threats and vulnerabilities occurring at a rapid pace, so ensuring that patches and updates are applied on a regular basis is absolutely essential.
Tip #5: Security Is Not a One-Time, One-Person Activity
Everybody needs to be aware of the proper security policies and procedures and how they apply day to day, and must be active in ensuring a secure workplace.
Tip #6: Probe Your Defenses
Conduct periodic penetration testing—especially phishing and social engineering testing—to measure your success at raising awareness.