In the cat-and-mouse game of data security, the weakest players will always be the humans. According to the BakerHostetler 2017 Data Security Incident Response Report, 32% of incidents in the study were initiated by human error.
The best way to protect your company data is to implement several security layers (spam filtering, firewall, anti-virus, etc.), including the often-overlooked human layer: security awareness training. New tools are promoted as the “silver bullet” that will stop everything bad from getting through. What those tools can’t catch, however, are the social engineering attacks that expertly spoof a legitimate request to get through the technology to the person behind it.
Even the largest, most well-known tech companies can fall for these attacks. Facebook and Google were tricked into paying over $100 million in spoofed invoices over 2 years. The invoices appeared to come from a major supplier these companies regularly do business with.
More commonly, cybercriminals will impersonate the CEO of a company and request fund transfers or confidential company or employee information. The best advice we have received from several cyber security experts is to slow down. Walk down the hall or pick up the phone and verify that the request is legitimate.
This is where Security Awareness Training comes in. When employees are taught what to look out for, and tested to ensure the training took, your company will be less likely to fall victim to a social engineering attack. This isn’t a one-time training to check the compliance box – it should be reinforced frequently. As it becomes more difficult for cybercriminals to find vulnerabilities in technology, they are turning to human vulnerabilities more often.
Want to learn more about how to implement Security Awareness Training at your company? Check out our SecureWorker™ program, or reach out to the Mytech Sales Team.