When it comes to cyber security, especially phishing/spear phishing, what you don’t know (and/or ignore) can hurt you and your organization. The total annual cost of phishing for the average-sized organization is estimated to be $3.77 million, most of which is due to the loss of employee productivity.[1] The costs associated with intellectual property theft are considerably higher: $538 billion a year.[2]
Nobody Is Immune:
- Five out of every six large companies (2,500+ employees) were targeted with spear-phishing attacks in 2014, a 40% increase over the previous year
- Small- and medium-sized businesses saw an uptick too, with attacks increasing 26% and 30%, respectively
- Non-targeted attacks, which make up the majority of malware, increased by 26%
- More than 317 million new pieces of malware were created last year, meaning nearly one million new threats were released daily [3]
The bad news is that fewer than 20% of IT leaders are confident their colleagues have been sufficiently schooled to avoid being “caught” in a phishing attack.[4] That’s with good reason: 55% of all security attacks in 2014 were carried out by either malicious insiders or inadvertent actors, and over 95% of breaches caused by insiders result from human error.[5]
The good news is that these and other attacks can be mitigated with employee awareness and bolstered with the appropriate training, procedures, and policies. Here are six of the top tips for better securing your workplace:
Tip #1: Security! Security! Security!
Start with a security program that is clear and concise, with policies and procedures that are communicated to employees, partners, and everybody else with access to corporate information. Revise your policies and procedures on an ongoing basis, because the threat environment is changing on an ongoing basis.
Tip #2: Train and Test
Employees need to be trained about the organization’s security policies and procedures, and they should be tested on a regular basis to ensure that their knowledge is up-to-date.
Tip #3: Password Management
Developing good password management skills is critical in today’s connected world, both at work and at home.
Tip #4: Patches (and Updates)
Security is a moving target, with new threats and vulnerabilities occurring at a rapid pace, so ensuring that patches and updates are applied on a regular basis is absolutely essential.
Tip #5: Security Is Not a One-Time, One-Person Activity
Everybody needs to be aware of proper security policies, procedures and their daily use, and must be active in ensuring a secure workplace.
Tip #6: Probe Your Defenses
Conduct periodic penetration testing—especially phishing and social engineering testing—to measure your success at raising awareness.
As a Champion of National Cyber Security Awareness Month (NCSAM) 2015, PC Connection, Inc. is committed to promoting cyber security and online safety. Our in-house team of security experts is dedicated to helping organizations of every size reduce their risk with industry-leading security solutions and services. PC Connection’s Security Practice can help create comprehensive security programs that leverage the latest technologies from our partners, including Cisco, Check Point, Core Security, Dell, Intel Security, Security Innovation, Sophos, Symantec, Trend Micro, and VMware.
Our team is proud to support the goals of NCSAM:
- Promote online safety
- Ensure everyone has the resources to stay safer and more secure online
- Engage and educate public and private sector partners through events and initiatives with the goal of raising cyber security awareness
[1] The Cost of Phishing and Value of Employee Training, Ponemon Institute, August 2015, http://info.wombatsecurity.com/hubfs/Ponemon_Institute_Cost_of_Phishing.pdf
[2] Taking Control of Cybersecurity: A Practical Guide for Officers and Directors, Foley and Lardner LLP, 2015
[3] 2015 Internet Security Threat Report, Symantec Corporation, https://www4.symantec.com/mktginfo/whitepaper/ISTR/21347932_GA-internet-security-threat-report-volume-20-2015-social_v2.pdf
[4] 2015 Cyberthreat Defense Report, CyberEdge Group
[5] IBM 2015 Cyber Security Intelligence Index, http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=WH&infotype=SA&htmlfid=SEW03073USEN&attachment=SEW03073USEN.PDF