Join our Waitlist for Expert Advice!

Battling Cyber Threats Begins With Employee Education Even the best of software and technology is useless without appropriate human training.

By Kelly Ricker Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

Shutterstock

Technology is a driving force for organizational goals. The rapid adoption of cloud computing and the widespread availability of mobile devices and apps has moved technology from serving as simply a support mechanism to the critical differentiator in the way in which companies operate day-to-day and in how they prepare for the future.

As technology grows in its importance, so does the issue of security. Companies of all sizes consistently rate security as a top priority among all of their technology issues. Clearly businesses seem to understand the importance good security practices. But are they taking the right steps?

Related: 7 Cybersecurity Layers Every Entrepreneur Needs to Understand

Companies have good reason to be concerned. The threat of cybercrime is very real and the impact of becoming a cybercrime victim is potentially catastrophic.

In its "2015 Cost of Cyber Crime Study" the Ponemon Institute found that the number of cyberattacks against governments and commercial enterprises continues to grow in frequency and severity. The average cost of a single cybercrime is $7.7 million. While this figure is skewed by large enterprises, the per capita cost for a small business ($1,388) is significantly higher than the cost for a large firm ($431).

Large or small, public or private sector, all organizations must embrace a comprehensive approach to cybersecurity that's built on the foundation of three critical elements: risk assessment, new security tools and the human element.

Risk assessment.

Assessing risk is not a new concept for businesses, especially within firms with a strong project management mindset. But the time has come for more organizations to engage in and apply a rigorous analysis of its security practices.

Typical analysis activities include determining the probability of a risk, estimating the potential impact, and determining mitigation strategies. The time and effort involved in building mitigation is directly related to the probability and impact. A high probably/high impact risk requires much more robust mitigation than a low probability/low impact risk.

Related: Why Small-Business Entrepreneurs Should Care About Cybersecurity

New cybersecurity tools available.

Firewalls may not be a complete security solution anymore, but they are still a critical part of the security preparedness. Companies may need to update their firewall, as their function has evolved from filtering traffic to restricting traffic.

Other new security tools to consider include Data Loss Prevention (DLP) technology, which tracks data to watch for inappropriate behavior; and Identity and Access Management (IAM) recognizes users in individual applications and gives them proper access.

Human element and training.

Research by CompTIA and other organizations consistently shows that the main cause of security breaches is human error by employees, who either don't follow policy or haven't received the training that would alert them to a potential security threat.

Too often, though, companies ignore the risk that's present every day within their four walls. According to an October 2015 CompTIA-commissioned survey of 1,200 full-time workers across the U.S. titled "Cyber Secure: A Look at Employee Cybersecurity Habits in the Workplace," 45 percent say they do not receive any form of cybersecurity training at work. We can't expect employees -- the first line of defense -- to act securely without providing them with the knowledge and resources to do so.

Related: CEOs Can No Longer Sit Idly By on Cybersecurity

Complicating the cybersecurity challenge for organizations is the fact that they are dealing with multiple generations in their workforce. Baby Boomers, Gen Xers and Millennials each present unique security challenges and risks to organizations. For example, 42 percent of Millennials have had a work device infected with a virus in the past two years, compared to 32 percent for all employees. Age also factors into security awareness. 46 percent of Millennials are familiar with two-factor authentication, compared to just 21 percent of Baby Boomers.

With the wave of new workers coming into the workforce, organizations need to take extra precautions and make sure they have effective training in place. Companies can't treat cybersecurity training as a one-and-done activity, or something that's only relevant to the IT department. It needs to be an ongoing initiative for all employees throughout the organization.

The best security technology products and the most comprehensive policies and processes won't work without appropriate human action and intervention. Spreading cybersecurity awareness, knowledge and training throughout the entire organization, from the receptionist at the front desk to the CEO in the corner officer, is essential. Otherwise, organizations run the very real risk of becoming the next cybersecurity victim.

Kelly Ricker

Senior Vice President for CompTIA,

As the senior vice president of events and education for CompTIA, Kelly Ricker is responsible for setting the association's IT channel education and event strategies and overseeing the department that is responsible for producing CompTIA's channel education products and live events, including the annual Breakaway conference where more than 1,100 channel executives gather for business and training. Ricker  currently serves on the Corporate Event Marketing Association (CEMA) Industry Advisory Board and the Meeting Planners International (MPI) Membership Committee. She is a graduate of Miami University in Oxford, Ohio, where she majored in Public Relations.

?
 

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Side Hustle

At 16, She Started a Side Hustle While 'Stuck at Home.' Now It's on Track to Earn Over $3.1 Million This Year.

Evangelina Petrakis, 21, was in high school when she posted on social media for fun — then realized a business opportunity.

Health & Wellness

I'm a CEO, Founder and Father of 2 — Here Are 3 Practices That Help Me Maintain My Sanity.

This is a combination of active practices that I've put together over a decade of my intense entrepreneurial journey.

Business News

Remote Work Enthusiast Kevin O'Leary Does TV Appearance Wearing Suit Jacket, Tie and Pajama Bottoms

"Shark Tank" star Kevin O'Leary looks all business—until you see the wide view.

Business News

Are Apple Smart Glasses in the Works? Apple Is Eyeing Meta's Ran-Ban Success Story, According to a New Report.

Meta has sold more than 700,000 pairs of smart glasses, with demand even ahead of supply at one point.

Money & Finance

The 'Richest' U.S. City Probably Isn't Where You Think It Is

It's not located in New York or California.

Business News

Hybrid Workers Were Put to the Test Against Fully In-Office Employees — Here's Who Came Out On Top

Productivity barely changed whether employees were in the office or not. However, hybrid workers reported better job satisfaction than in-office workers.