Education, Education, Education
Those of us of a certain age will remember the promise that things can only get better… and the mantra of “education, education, education”. It all seems a long way away today. The good news? When it comes to cybersecurity, things can get significantly better with a relatively small investment in education.
Training budgets are often one of the first things to be cut when businesses need to tighten their belts, but this shouldn’t extend to cybersecurity training.
Cybersecurity training has serious return on investment potential.
Just think about the fines associated with a data breach these days: some 4 percent of your organisation’s annual turnover. To say nothing of the reputational damage, lost business and customer reparations.
A small investment now
So where should small businesses and organisations focus their cyber security training budget? The Grant McGregor team recommends three key elements that you should address immediately if you haven’t done so already:
• General security awareness training
• Closing vulnerabilities around Office 365
• Ensuring staff know how to spot a phishing attack
These three topics represent some of the most common attack vectors facing small and mid-size organisations today. And, what’s more, they’re easy to address. You don’t have to be the fastest antelope on the security savannah; you just have to run fast enough to make sure you’re not the most obvious target for the cyber attackers (look out for a future blog post on this subject too!).
This is why we recommend these three areas should be your starting point when it comes to cyber security awareness.
General security awareness
We’ve spoken about the Government’s Cyber Essentials security standard many times on this blog because it is such a great, practical introduction to the topic of cyber security. What’s more, Scottish-based businesses can apply for grant funding to help them achieve the certification.
Research has shown that as Office 365 has grown in popularity and uptake, so has its potential for being compromised. As we detailed in an earlier blog, one of the most common routes for compromised accounts is fraudulent emails directing users to a fake Office 365 portal where recipients are prompted to enter their passwords.
Once attackers have the password to a user’s Office 365 account, they can use it to steal or sell commercial information, access other systems or social media accounts, and engage in spying or impersonation, including launching spear phishing attacks from the compromised account.
The best way to deal with this threat is, first, to ensure staff are fully aware of how to spot a fraudulent email. Second, we recommend strengthening security by adding two-factor or multi-factor authentication to your organisation’s Office 365 accounts. This can be achieved quite simply and cheaply – if you’d like to know more about how, please contact our team on 0808 164 4142.
Stop the phishing!
When you know what to look for, it is easy to spot a phishing attack. By training your staff in how to detect a threat, you can transform your biggest security vulnerability into the biggest security asset in your organisation.
It’s what security expert Kevin Mitnick calls creating a “human firewall”. He’s designed a cloud-based training programme that can be delivered to all staff within your organisation simply and effectively, to help them spot phishing and spear phishing attacks.
You can access this programme through Grant McGregor, either as a standalone solution or as part of a bigger security programme. Contact our team to find out more.
Education, education, education
While security might seem like a complex topic, it needn’t be – help is at hand.
For more information about any of the cyber security initiatives, training or programmes featured in this blog, please get in touch with our friendly team today.