A typical office desk. Image: Mattes / Wikimedia / Public Domain
As U.S. Cybersecurity Awareness Month comes to an end, it remains important to note that cybersecurity should always be a focal point, not just in the month of October.
This is not least because most countries are in the midst of a cyberwar. Here businesses from all industries – whether major universities, police departments, law firms, medical institutions or others – are being targeted by cyberattacks.
For example, enterprises continue to turn to security tools for their security needs, but oftentimes ignore one crucial element – their employees. Just this past year, the largest security breach was due to an employee creating the password “solarwinds123”.
As an example of proactive action, the company Relativity has created a Security Guardians Program, which includes phishing training and other elements, to educate, empower and engage its employees to nurture a healthy security culture.
Amanda Fennell, Chief Security Officer (CSO) and Chief Information Officer (CIO) at Relativity, explained to Digital Journal why it is important to build a culture of security within an organization that brings the responsibility of security down to an individual contributor level.
According to Fennell, people are the strongest link in the security chain and it’s important to train them and equip them with the security tools they need to be successful. To support this, consistent education, training and good tech are vital to ensure that employees – and the company – don’t fall victim to a phishing attack. Although phishing attacks can be quite simple in nature, the sheer scale on which phishing campaigns are executed makes phishing the #1 threat for employees.
Moreover, Fennell explains, building a phishing training and simulation course into onboarding training for new employees, and consistently testing both new and old employees with monthly phishing simulations, is necessary in order to strengthen and refine phishing awareness and reporting muscles.
Citing an example, Fennell explains that following implementation of these tactics, Relativity saw a 40 percent drop in employees taking incorrect actions and consistently sees a sub-3 percent “hook-rate” among employees in its monthly phishing simulations.
It is Fennell’s view that to discuss this program and how enterprises can take necessary steps to strengthen