Some may simply associate this time of year with pumpkins, ghosts and ghouls, but it is also European Cyber Security Month (ECSM), the EU’s annual awareness campaign, which takes place every October. The aim is to raise awareness of cyber security threats, promote cyber security among citizens and organisations, and provide resources to help them protect themselves online through education and the sharing of good practices.
The US also marks its National Cybersecurity Awareness Month (NCSAM) in October, created as a collaborative effort between industry and the US government to ensure consumers have the resources they need to stay safe and secure online. This year’s NCSAM theme is “Own IT. Secure IT. Protect IT.”, with a strong emphasis on personal responsibility and proactive behaviour.
Here at Boldon James, every month is cyber security awareness month, but it’s easy to see from recent cyber security-related news and headlines why such a campaign is so necessary…
Certainly, when considering organisational cyber security, and focusing specifically on data breaches and hacks that expose consumer data, the last few years have seen a dramatic increase, with even the largest and most distinguished organisations falling from grace.
A report by RiskBased Security published in August of this year states that, compared to the midyear of 2018, the number of reported breaches was up by 54% and the number of exposed records had increased by 52%. It’s also important to mention the cost of these breaches: according to IBM and the Ponemon Institute’s annual “Cost of a Data Breach” report, the current average is around $3.9 million. This figure has increased over the last two years and is set to continue to rise. A recent report published by Juniper Research confirms this, predicting that data breach costs will exceed $5 trillion by 2024.
Included in the ‘large and distinguished’ companies I mentioned earlier were Facebook and Equifax. Just last year, Facebook’s data breach left 29 million user accounts open to hackers, resulting in the US Federal Trade Commission (FTC) approving a $5 billion fine over the privacy violations. The huge Equifax breach was announced back in September 2017. It was revealed that the personal information of 147 million people had been exposed, and an agreement was finally reached at the end of July this year, with Equifax paying at least $575 million, and up to $700 million, in compensation to those affected.
With this acknowledged, and given that hackers and malicious actors are becoming increasingly sophisticated in their attacks, it’s possible to argue that cyber security, and awareness of the dangers and consequences for both organisations and consumers, has never been so important.
So how can you be more cyber security aware?
Taking inspiration from NCSAM’s 2019 campaign, “Own IT. Secure IT. Protect IT.”, let’s break it down as follows…
Owning IT is all about taking responsibility and accountability for your actions surrounding cyber security. When employees understand how their actions are affecting the organisation, they can revise their behaviour to better protect both themselves and the company.
However, this can only be achieved through an education scheme. Educate your user community on:
• The current cyber security dangers and attacks being launched against other organisations, and therefore, what to watch out for.
• The importance of being safe on social media – keeping personal accounts private and business accounts strictly business. Don’t over-share.
• Checking privacy settings across all tools, and ensuring that employees are downloading computer updates when prompted to do so.
Securing IT reflects the actions taken by you, your customers and third-party organisations to help better protect data:
• Emphasise the importance of passwords and the use of two-factor authentication.
• If your organisation has a data classification policy, ensure that all users understand the types of data they’re dealing with and how sensitive it is. This will enable them to choose the appropriate level of classification, or to make sure the correct option has been automated by the system, so that only those authorised to see the information can.
Protecting IT is the ultimate step:
• Openly discuss methods of keeping sensitive data safe.
• Invest in a data protection solution.
• Discuss the risks of USB drives and options for transferring sensitive files.
• Reinforce the basic protection steps that are easily forgotten, such as locking work computers and phones, not leaving them lying around, and ensuring employees are mindful of where they’re conducting business calls.
In the current environment, it’s crucial that your organisation is aware of cyber security threats and is being proactive in attempts to both avoid and mitigate them. Arguably, the most effective way of doing this is to educate and involve your employees in a collaborative effort to improve data protection.
For information on involving your users in your security efforts, and how data classification can enable your organisation to better manage and control your data, as well as improve return on technology investment, visit our website now.