The Most Cost-Effective Cyber-Security Initiative You Can Employ
By now, many companies are having their departments wade through a litany of strategy meetings to determine next year’s budget. CIOs and their directors will certainly be in the mix, particularly as it relates to cyber-security initiatives. While it’s important to look at what systems are in place and what state-of-the-art technology should be employed to mission-critical networks, one cost-effective element for thwarting the next threat is often overlooked: training.
Here’s the cold, hard reality. No new-fangled anti-virus, anti-spam or firewall system will prevent a sophisticated hacker from infiltrating a company’s database if employees aren’t practicing tried-and-true safe computer practices. Organizations are usually hacked from the inadvertent, nonmalicious but nonetheless unsafe activities of its employees. Here are just a few:
1. Employees with a public Facebook account that discloses their complete name and date of birth could provide a cyber predator the tools to potentially obtain a Social Security number among other essential information to successfully infiltrate your business and personal accounts.
2. Shadow Wi-Fi accounts that show up in public places, such as a conference hall or hotel, can prey on mobile devices that are set to connect to the nearest open network. They resemble a reputable access point but instead target business travelers so they will unintentionally expose all the company information on their iPhone, iPad or laptop.
3. Passwords to multiple accounts are often tough to remember so many individuals write them down on a notebook or unencrypted file on their computer or phone. While this is understandable, the result essentially provides an open invitation to cyber thieves.
4. An employee receives an email from someone he or she doesn’t know, clicks on the link as directed and instantly malware permeates the company’s network. It wasn’t a malicious act by the teammate.
This last point brings up an important element that should be part of any corporate cyber-security training program: Every organization is vulnerable to an attack. Some managers will think their firm is too small for a virtual thief to consider attacking. The opposite is quite true. Smaller companies are often easier targets. An organized criminal group based overseas can go after millions of small businesses at the click of a mouse and rack up huge payoffs with scarcely batting an eye.
Companies need to emphasize to members of their team the importance of safe computer practices that go well beyond appropriate websites to surf during office hours. Cyber-security activities of employees should be given the same care and concern as showing them how to safely leave the office building after hours.
Now all this doesn’t mean that organizations should ignore their network architecture, security patches, disaster-recovery policies and a threat-management system. All these elements remain crucial to an effective information assurance strategy. But failure to adopt training programs that effectively remind and reward employees for prudent computer practices will leave a gaping hole in a company's ability to thwart the next threat.
Entrepreneur Editors' Picks
Formerly Enslaved Black Man Nearest Green Taught Jack Daniel Everything He Knew About Whiskey. Today, the Founder of Uncle Nearest Premium Whiskey Celebrates His Legacy.
Leadership Lessons From the Exclusive Creativity School That 'Packs 5 Years Learning Into 5 Days'
3 Expert-Backed Strategies for Staying Calm in Times of Confrontation
The CEO of Wayfair Has Helped Revolutionize Digital Shopping for 20 Years. Here's How He Handles Rocky Economic Conditions.
This Founder Went to Prison When He Was 15 Years Old. That's Where He Came Up With the Idea for a Company Now Backed By John Legend.
3 Signs You're Letting Pride Get in the Way of Being Successful
Chip and Joanna Gaines and Shonda Rhimes Found Incredible Success By Using This One Entrepreneurial Strategy. Here's How You Can Too.