Being able to recognize potential threats means being able to understand what motivates the criminals who are trying to invade your environment. It\u2019s fair to say that a criminal is going to value your wallet. The question then is, what data in your environment has the greatest value?\nAnswering that question will help you to recognize some potential threats, but certainly not all of them. Social engineering tactics are convincing and highly successful.\nIn fact, Verizon\u2019s Data Breach Information Report for 2016 cites a study that shows 30% of phishing messages were opened by the target during an extensive test. About 12% went on to click the malicious attachment or link and thus enabled the attack to succeed.\nFor whatever reason\u2014curiosity? Inattention? A mistake?\u2014more often than not, the user will unknowingly click on a malicious link. In order to give your employees cause to pause, they need to understand what can happen to the organization and the people within it if they fail to verify before clicking.\nYour goal is to protect your organization from fraud and cybercriminals, but there are also steps you need to take to ensure physical security. Those intruders that are savvy enough to physically enter the premises and steal information might walk away with a device or two, but unless they are able to hack into the device, the only loss you incur is the machine itself.\nIntruders that you can\u2019t see enter into your network and go after the high value data, which puts everything that the attacker has accessed through lateral movement at risk. Depending on your organization, that could be financial records, health records, PII, Social Security numbers, banking and credit card information, or personal and interoffice emails. They can access information that could be used to get into additional accounts.\nSome higher ups have been inclined to dismiss employees who mistakenly welcomed an intruder, but the threat of losing your job will make you less likely to report an incident\u2014not the result they were going for. \u00a0\nIf an alert becomes a breach, the results can be catastrophic. Larger enterprises might be able to recover the monetary loss, but not every organization can withstand the financial loss of a breach. A breach can negatively impact consumer trust and brand, resulting in future losses.\nMany organizations have also seen the legal implications of having sensitive customer information stolen. Identity theft is always a concern in a breach, which is why recovering from a breach of great magnitude can take millions of dollars and several years. This year\u2019s IBM Cost of Data Breach Study \u201cfound the average consolidated total cost of a data breach grew from $3.8 million to $4 million.\u201d The study also reports that the \u201caverage cost incurred for each lost or stolen record containing sensitive and confidential information increased from $154 to $158.\u201d\nHaving a plan in place to stop an innocent click from turning into a breach will help your organization understand how to combat cybercrime. Back up your files, set user controls, segment your network, and have an incident response plan.