Last year in London, an unemployed man was making his way to the library to continue his job search. But on the way, he encountered something unusual: a USB key, partially obscured by some fallen leaves. He didn’t think much of it, but out of curiosity he popped the device into his pocket and continued on his way. Once he arrived at the library, he plugged in the USB, and as he clicked around, he realized that this was a treasure trove of security information for the Heathrow International Airport: hundreds of folders filled with maps outlining CCTV camera locations, labyrinthine tunnels snaking below the building, and even the exact route the Queen takes when she uses the airport.
Understandably concerned, the man quickly removed the device and brought it to the tabloid The Daily Mirror. Despite a full-scale investigation by the airport and dozens of police and security experts, it’s still unclear how this extremely sensitive information escaped. However, all signs point to the USB key being dropped by either a hapless employee carrying around a national security concern in their pocket, or a malicious employee looking to cause a national security crisis.
Regardless, the story makes a vital point very clear: whether you’re an international airport transiting over 70 million people each year, or a small business with under $10 million in annual revenue, your biggest security concern shouldn’t be a crack team of hackers, it’s your employees.
Sure, you may find the idea that any of your employees would actively wish your organization harm laughable. But we’re willing to guess that you probably underestimate the wrath of an employee scorned. Even if you treat your team better than any boss in the world, they’re still human – which, of course, means they make mistakes from time to time. And considering the average level of cyber security of many SMBs, “time to time” might actually mean every day, leaving huge openings in your digital barriers. These errors don’t really matter – until the day a hacker comes across your business and immediately realizes the massive security gaps your team is leaving for them to exploit.
Cyber security is a lot more complicated than most people want to admit. Today’s digital landscape is full of hazards, a thousand mistakes to be made at every step, resulting in a million holes for cyber criminals to exploit. Even the most tech-savvy people don’t know everything about cyber security, and very few have as much knowledge as the hackers trying to gain access to your business network. When you consider all the misinformation and uncertainty surrounding cyber security, and the fact that many of your employees probably know almost nothing about cyber security, you might start to feel a bit panicked.
The fight against digital threats can seem like an unending battle – a war that the good guys seem to be losing – but luckily, when it comes to the security of your business, there are ways to protect yourself without blowing a ton of cash. For instance, start with your biggest vulnerability: your team. When an employee joins your organization, they should go through an intensive cyber security training. Their welcome package should include comprehensive rules about security policies, from using strong passwords to how they should respond to potential phishing attempts. Deviating from these policies should come with serious repercussions.
As for existing employees, invest time into training them! We can help you build a robust education program to get every member of your organization up to speed on the most concerning cyber threats.
Even then, cyber security isn’t a one-and-done kind of thing; it requires constant vigilance, regular updates on the latest trends and a consistent commitment to protecting your livelihood. Without training and follow-up, even the most powerful cyber security barriers are basically useless, so put some thought into your team and your protections, and you can massively improve the security of the business you’ve worked so hard to build.
Connectability offers a Security Awareness Training program that will educate your team about phishing attacks, data security, cybersecurity in general, social media awareness and much more. It even includes a phishing simulation that tests who is most susceptible to these attacks.
Consistent and up-to-date employee training is the first line of defense against cyber criminals. If your employees know what to look for, and remain vigilant, your chances of being breached by a malicious cybercriminal are significantly reduced.
For just a few dollars per employee per month you get the peace of mind of knowing that your team knows what a phishing attack looks like, so they don’t take the bait. If you’d like to learn more about Security Awareness Training and how it can help secure your business, give us a call at (416) 966-3306 or email us at [email protected]