By Christine Kern, contributing writer
MSPs and VARs should make employee training a top priority for their clients.
As data breaches and other cyber-attacks rise at alarming rates, prevention and detection become critical. But, according to leading government and industry reports, more than 90 percent of all cyber attacks are successfully executed using information obtained via employees who unwittingly gave away their access credentials to hackers. For VARs and MSPs, helping clients guard against these external attacks through better employee training should be a top priority.
Spear phishing is one of the most common methods used by hackers to acquire login information from system users. Spear phishing uses a fake email with a URL leading recipients to a fake website with a registration form or attachments and links that download malware onto the users’ device. This then provides access to the hackers.
“Despite all the attention and resources cybersecurity is receiving from the media, executive management, and governments, organizations still fail to protect their most valuable assets from hackers because they focus too much on network security while ignoring the employee identity theft and access exploitation risk,” explained Henry Bagdasarian, founder of the Identity Management Institute.
“The main reason we ignore reports which point to human error as the main root cause of data breaches is the belief that only network security can stop hackers in the Internet world. This is not an accurate assessment because as organizations excessively fortify their network security with intrusion detection and prevention technology, data breach incidents continue to rise” continued Bagdasarian.
The data highlights the need to address the human element in cyber security, but adding proactive training of employees regarding phishing and other schemes that could inadvertently provide access to protected data and systems. To best counter cyber threats, organizations should adopt a balanced security approach that recognizes network security strengths and limitations, automates security enforcement, and improves identity and access management processes to reduce employee errors ad potential security breach incidents.
Wombat offers simple steps to begin an employee-training program to create an important line of defense against cyber attack:
1.Start at the top: train from the senior leadership down, and be sure to clarify the business risks and consequences of a data breach.
2.Increase employee awareness: Educate staff and provide training for handling confidential information, emails, and best security practices. And be sure to train all employees and make them a part of the solution by emphasizing their critical role in protecting company information.
3.Test the security savvy of your employees. Create an understanding of the level of your employees’ security knowledge in order to ensure they are engaging in safe behavior.
Vendors and VARs can help enterprises and organizations develop industry-specific protocols to train employees and safeguard against cyber attacks. Training programs can replicate phishing emails and other attacks to measure employee abilities to identify social engineering schemes and protect against breaches.
And Kaspersky underscores the importance of employee training in an eBook, stating, “It’s important to train employees before you have a data breach. Don’t wait to react. Create policies that assume you’ll be infiltrated, and then help employees learn what they should do (and not do) to keep your business safe.”