Expect the Unexpected - Raising Cybersecurity Awareness in Your Organization
July 29, 2016
What is your first reaction when you hear the words cybersecurity and security awareness? The topic of cybersecurity awareness is frequently mentioned in business, but it can be vague, and many people likely dismiss it quickly as something their organization makes them do, similar to reading a policy. But the right story can help you build awareness of this issue and show just how a little more attention can help create compelling results.
All Together Now
Cybersecurity isn’t just something the IT department does. In fact, it encompasses just about all areas of an organization, including physical security. Everyone has a role.
Being aware means being present and paying attention to what is going on around you. Sounds simple enough, but look around. How many people are aware of what’s going on around them? Cell phones have certainly added to the distraction factor. Perhaps some people are wearing headphones, listening to music. Encouraging individuals, at all levels, to be more aware is excellent advice and an easy way to improve cybersecurity awareness.
Sounds easy enough, but is it? Awareness is a conscious effort. It is easy to go through the motions of the day on autopilot while thinking about what you would rather be doing. Most of us do this occasionally throughout the day. The goal isn’t to convince people to be negative or pessimistic, but rather to be slightly less trusting. Here is where the potential payoff or benefit can come into play.
Don’t Ignore the Flags
If you received an email from a trusted executive to process a transaction, would you automatically do it? What if the request seems out of the ordinary? Perhaps the email states why the request is needed, which negates any concerns. The email sender is trustworthy enough, right? Is the business you are transferring funds to a name you recognize? How about spelling? If a business name is spelled incorrectly, would you dismiss it as carelessness or stop and question it?
This is not an entirely uncommon scenario. It is also a technique hackers are using to get recipients to transfer funds, urgently, before the email recipient thinks to question or seek confirmation. The request gets processed as directed, without any questioning. Later it’s discovered that the sender’s name was spoofed, the request never originated from anyone within your organization, and the money is gone.
This scenario didn’t involve IT, nor is it overly complicated. If you figured it out as you were reading, good for you for thinking a step ahead and chalking up a win for cybersecurity awareness. It may seem obvious, but according to recent estimates, $2.3 billion has been lost to this technique over the last three years.
A simple solution is to always require a two-step approval process, or confirmation from the actual executive, prior to sending. It may seem like common sense, but it does require individuals to be aware. If the technique weren’t effective, the “bad guys” wouldn’t keep trying to lure unsuspecting employees.
Part of the Solution
If you’re still reading, you just participated in cybersecurity awareness. Sharing examples, educating employees, building awareness, and making the topic interesting are easy ways to help improve any organization’s cybersecurity profile.