Security Awareness

The Maginot Line was a line of concrete fortifications, obstacles and weapons installations that France constructed along its borders with Germany in the 1930s. This costly barrier was resistant to most forms of attack, yet it protected only a specific part of France. The French thought they understood the shape of the German threat and could therefore defend against it by building a wall behind which life could go on as normal. The French people were simply not involved in their own defense. The attack, when it came via Belgium, outflanked the line, and France fell within six weeks.

The boundary between inside and outside an organization is increasingly hazy, and to be clear, your employees are the front line. Until you raise each individual’s awareness of cyber security, providing them with simple, easy-to-use tools to help them protect themselves, you leave yourself vulnerable to a new form of attack. If you empower them, you give your organization multiple outlets that can assist in managing the security risk, without any significant additional investment.

Every company has a choice: keep trying to build a Maginot Line around the organization, or take a smarter route and proactively manage data loss by involving users in data classification. 2019 brings major changes to the way companies view their policies and strategies. Employee training is one of the biggest issues at hand, and on top of that, the necessity for cybersecurity knowledge cannot be emphasized enough. A company's employees may deem themselves safe because they do not consider themselves high-profile enough to be a target. That could not be further from the truth. If we have learned anything in the past years, it is that bad actors will use any means necessary to breach an organization. In most situations, the employees at the lower end of the hierarchical spectrum become a bad actor's main target, as they are usually a company's weakest link and the easiest to manipulate.

Who robs a bank anymore?

The Bonnie & Clyde days are well behind us, and an era of increasingly sophisticated security has arisen. The statistics don't lie:

  • According to Wirefraud.org, in the first quarter of 2019, California – a state which makes up roughly 12% of the total U.S. population – produced 24% of all reported instances of mortgage fraud.
  • In 2019 thus far, there have been over 11,000 victims of wire fraud alone.
  • Cybersecurity Ventures projected that by the end of 2021, the damage related to cybercrime will hit $6 trillion annually.
  • In 2018, the FBI reported that $12.5 billion was lost exclusively to email fraud.
  • Business email compromise (BEC) emphasizes the critical risk that exists each time an employee opens their inbox. A single phishing email could be what compromises a company's security, ultimately leading to substantial financial loss or a data breach.
  • The Financial Crimes Enforcement Network (FinCEN) reported that real estate was the third most targeted sector for Business Email Compromise (BEC) in 2018.

Anyone who knows me is reminded that I can get very long-winded on the importance of adequate cybersecurity and the false sense of protection afforded by cyber insurance. Most policies provide very little protection from phishing attacks. Nevertheless, the one thing I cannot emphasize enough: is your organization prepared for an incoming cyber-attack?

The one consistency in cyber-attacks is that an individual in your organization made a mistake. In order to operate at the highest level of security, you must identify your company's biggest weaknesses. So let me help you out. You do not need to spend thousands of dollars hiring experts to figure this out. After all, if I were to read your latest corporate SOC report, or were to talk to your IT department, they would advise me that they have done everything to mitigate the risk. They may even have a data breach response plan, but answer this one simple question: when was the last time you gave your end users any cyber training on what to watch out for?

Educate your people. Cyber-attacks don't discriminate between large and small companies or between high- and low-profile employees. Knowledge is power. Educate your employees on every known phishing attack or update in the press. Remind yourself and your employees every day: cyber intrusion is not a matter of if, but rather when.

With technology moving forward at a record pace, it is in everyone's best interest to be informed and proactive. The best generals in every war have demonstrated that “the best offense is a better defense.”

So please, think before you click!
