If you haven’t seen stories about cybersecurity, data breaches, and hackers, then you either avoid the news or you live in a shoebox. If you are a business owner, you have a fiduciary responsibility to protect your company from known threats. Hackers today are a known threat, and statistics show that getting hacked is not a matter of if, but when.
So, how do you protect against these threats? Buy and implement software like a firewall, antivirus, antimalware, or some other latest and greatest security solution? These are all good starts, but the greatest threat to information today is your employees and you. How did RSA get hacked? An executive opened an e-mail attachment, unknowingly downloading a virus. A review of recent bank cyber heists revealed that most were enabled by an employee unknowingly downloading a virus embedded in an e-mail attachment.
Training is one of your best defenses. You must ensure that your employees understand the threats, where they come from, how they are implemented, and how to protect against them. Consider this approach: threat, behavior, attitude, training (TBAT).
First, you must understand the threat, both general and specific. What are the general cyber threats you must protect against? What are the specific threats to your industry or your business in particular?
Next, you must understand your behaviors and those of your employees, both general and specific, that cause your business to be more vulnerable to the general and specific threats.
Just as important is your attitude and that of your employees. Unfortunately, many individuals and business owners think “it won’t happen to me.” This is so far from the truth. In fact, you likely have already been hacked and don’t even know it. If you believe it won’t happen to you, then you are playing with fire.
Finally, training is the key. You must train employees to understand the threats, their behaviors that facilitate the success of the hackers, and how their attitude must be one of suspicion and security.
Cybersecurity is not a set-it-and-forget-it concept. A firewall, antivirus application, and a password are not enough. Also, there is no silver bullet. No piece of software or hardware will protect you on its own. These tools help, but if just one unsuspecting employee clicks on a link in an e-mail, not knowing it has been infected, you are done.
Think of a computer virus like you would a cold virus. Someone sneezes and then touches a door handle. Everyone who touches the handle thereafter is potentially infected. Take action now to protect your workforce.