Get All Access for $5/mo

The Most Cost-Effective Cyber-Security Initiative You Can Employ Hint: It's not technology that will deliver the biggest boon.

By Eric Basu Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

Shutterstock

By now, many companies are having their departments wade through a litany of strategy meetings to determine next year's budget. CIOs and their directors will certainly be in the mix, particularly as it relates to cyber-security initiatives. While it's important to look at what systems are in place and what state-of-the-art technology should be employed to mission-critical networks, one cost-effective element for thwarting the next threat is often overlooked: training.

Here's the cold, hard reality. No new-fangled anti-virus, anti-spam or firewall system will prevent a sophisticated hacker from infiltrating a company's database if employees aren't practicing tried-and-true safe computer practices. Organizations are usually hacked from the inadvertent, nonmalicious but nonetheless unsafe activities of its employees. Here are just a few:

Related: Best Practices for Employees to Protect the Company From Hackers

1. Employees with a public Facebook account that discloses their complete name and date of birth could provide a cyber predator the tools to potentially obtain a Social Security number among other essential information to successfully infiltrate your business and personal accounts.

2. Shadow Wi-Fi accounts that show up in public places, such as a conference hall or hotel, can prey on mobile devices that are set to connect to the nearest open network. They resemble a reputable access point but instead target business travelers so they will unintentionally expose all the company information on their iPhone, iPad or laptop.

3. Passwords to multiple accounts are often tough to remember so many individuals write them down on a notebook or unencrypted file on their computer or phone. While this is understandable, the result essentially provides an open invitation to cyber thieves.

4. An employee receives an email from someone he or she doesn't know, clicks on the link as directed and instantly malware permeates the company's network. It wasn't a malicious act by the teammate.

Related: Protecting Your Computer Against the Threat Posed by Humans

This last point brings up an important element that should be part of any corporate cyber-security training program: Every organization is vulnerable to an attack. Some managers will think their firm is too small for a virtual thief to consider attacking. The opposite is quite true. Smaller companies are often easier targets. An organized criminal group based overseas can go after millions of small businesses at the click of a mouse and rack up huge payoffs with scarcely batting an eye.

Companies need to emphasize to members of their team the importance of safe computer practices that go well beyond appropriate websites to surf during office hours. Cyber-security activities of employees should be given the same care and concern as showing them how to safely leave the office building after hours.

Now all this doesn't mean that organizations should ignore their network architecture, security patches, disaster-recovery policies and a threat-management system. All these elements remain crucial to an effective information assurance strategy. But failure to adopt training programs that effectively remind and reward employees for prudent computer practices will leave a gaping hole in a company's ability to thwart the next threat.

Related: U.S. National Security Prosecutors Shift Focus From Spies to Cyber Attacks

Eric Basu

CEO of Sentek Global

Eric Basu is the CEO of Sentek Global, a provider of government and commercial cybersecurity and information technology solutions. 

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Business Process

How CEOs Can Take Control of Their Emails and Achieve Inbox Zero

Although there are many methodologies that leaders can use to manage their emails effectively, a consistent and thought-through process is the most effective way to systemize and respond to emails and is a step of stewardship for the effective leader.

Side Hustle

'Hustling Every Day': These Friends Started a Side Hustle With $2,500 Each — It 'Snowballed' to Over $500,000 and Became a Multimillion-Dollar Brand

Paris Emily Nicholson and Saskia Teje Jenkins had a 2020 brainstorm session that led to a lucrative business.

Business News

Former Steve Jobs Intern Says This Is How He Would Have Approached AI

The former intern is now the CEO of AI and data company DataStax.

Science & Technology

5 Automation Strategies Every Small Business Should Follow

It's time we make IT automation work for us: streamline processes, boost efficiency and drive growth with the right tools and strategy.

Marketing

5 Critical Mistakes to Avoid When Giving a Presentation

Are you tired of enduring dull presentations? Over the years, I have compiled a list of common presentation mistakes and how to avoid them. Here are my top five tips.