According to the Identity Theft Resource Center, 932 data breaches have affected U.S. organizations so far this year as of Oct. 3. This means more than 47 million records are now compromised and could be in the hands of cybercriminals all over the world, regardless of whether the breaches themselves were accidental or malicious. As a result, the importance of sound cybersecurity practices among employees can't be understated. Employers must labor to instill good security habits among staff, through appropriate training that includes measures such as a computer skills assessment test.
Recognizing your industry's risk
As an overall category, private-sector business is the biggest victim of data breaches, identified by ITRC data as accounting for approximately 22 million of 2018's leaks to date. The government and armed forces, as well as those companies affiliated with them as contractors and vendors, are the next-biggest target with more than 16 million breaches or hacks. On the opposite end of the spectrum, education suffered the fewest breaches - slightly more than 832,000 of them as yet this year.
Chances are good your organization falls into the ITRC's "business" category. As such, launching a large-scale cybersecurity awareness initiative for employees is a must. According to Forbes, it's critical not only to instruct them how severe breaches are for the business, but also about cybercrime's detriment to the larger world and to workers' personal lives.
Covering major threats
Major breach risks to businesses include:
- Malware attacks.
- Phishing scams.
- Dedicated-denial-of-service hacks.
On an employee level, phishing scams are probably the most immediate threat: They're emails disguised as messages from loved ones, important work communications or notices from lenders, according to the US-CERT federal cybersecurity task force. They ask the recipient to click a link that triggers a malware download. The damage that results may have no motive for the attacker beyond chaos, or it could be ransomware intended to elicit a payoff.
Emphasizing best practices
Your organization should absolutely have firewalls and anti-virus software in place. But individual workers must also become involved, particularly if they use their own devices for company tasks. Make it mandatory for all outside computers and mobile devices to have malware countermeasures installed, and use a mobile device management system to oversee activity on multiple systems.