If your employees don't understand how important they are to the security of your company, your company's information will never be truly secure.
Despite your best intentions, all it takes is one click on a phishing email by an employee and your entire network could be compromised.
So stop viewing security as only a technology problem. It's a people problem too.
I've gone over ransomware stats a few times (here and here). Of course, I've found another in an article in The Atlantic that's eye-opening about why you need to pay attention to security. Here's a quote from it:
The company’s (Datto) survey of 1,100 IT professionals found that nearly 92 percent had clients that suffered ransomware attacks in the last year, including 40 percent whose clients had sustained at least six attacks. The report found that “less than 1 in 4 ransomware incidents are reported to the authorities.” Factoring in the cost and average amount of time lost to infections—an overwhelming majority of small businesses hit by ransomware face at least two days of downtime—as well as the number of businesses affected by them, Datto suggests that the financial impact of this brand of cybercrime starts in the range of $75 billion each year.
The company arrived at this figure based on an estimate from the Aberdeen Group, a consultancy, that an hour of inactivity costs small companies an average of $8,581 per hour.
For a visual look at how attacks on SMBs are increasing, look at the progression in this graphic from Symantec.
Train Your Employees – and IT Staff
While outsourcing your network security to an IT managed services partner is certainly an option, if you do choose to manage your networks internally, keep IT staff up-to-date on cybersecurity trends. Security threats morph each year, so budget for training courses covering both cybersecurity in general and your specific security platform technology.
Non-IT employees don't need that level of training, but regularly scheduled sessions – even brown-bag lunches – where your IT staff share the dos and don'ts of security will improve your overall chances of staying safe from cybercriminals. Aberdeen research shows that SMBs that focus on a culture of security are 60% less likely to have a data breach.
Don't Stop. Ever.
You're never “finished” with creating a security culture. It requires ongoing, regular effort. I know, I know. You're pressed for time. It's hard to get everyone together to discuss security. You don't know where to start. It's not worth it. Maybe it's just me, but avoiding $8,552 per hour of downtime in the case of a security breach sounds worth it.
How do you start? You start.
- Create a security strategy and make sure your employees know you have one.
- Tell your employees that security is important and that you'd rather they be overly cautious than overly trusting.
- If a link in an email, instant message, or an online post looks suspicious or weird or off in some way, delete it. I've mentioned this before – Think Before You Click.
- Have a data backup strategy and implementation plan.
- Guard your devices. Don't leave a laptop or mobile device unattended in public. In the office, especially an office with visitors, lock your devices when not in use.
- See something, say something. This doesn't just apply to unattended bags in an airport. If you see anything suspicious, report it to your IT department or your IT managed services partner.
- Enforce good password security protocol, such as using eight-character passwords with letters, numbers, and characters. Don't share passwords. Change them regularly. More here.