Hackers executed nearly 1,100 large-scale enterprise data breaches in 2016, according to the Identity Theft Resource Center, exposing an estimated 36.6 million sensitive files. But more significantly, it was the error of a single user (not a break in a firewall, etc.) that led to most large data breaches.
For example, an estimated 81 percent of all hacking-related breaches that occurred last year involved stolen or weak passwords, according to research from Verizon Wireless. Sadly, ITRC analysts believe the total number of breaches will increase once more this year and surpass the historic high registered last year if steps aren’t taken to educate more employees – particularly non-IT personnel.
Most organizations understand the digital threats they face are dire and continue to search for new ways to protect their digital assets. However, backend software is not enough. Businesses must do a better job arming their employees with the information they need to combat attacks on the frontlines.
In 2015, the Computing Technology Industry Association connected with 1,200 American workers and asked them to characterize the employer-provided data security training they had received. Approximately 45 percent said they had received no such instruction. More worryingly, 94 percent attested to connecting their enterprise devices to unsecured public Wi-Fi networks, while only one-third of respondents who reported managing 10 or more login credentials said they had at least 10 unique passwords.
An estimated 39 percent of workers have also knowingly opened suspicious email, according to research from Software Advice. Additionally, nearly half accept social media invitations from strangers. These particular behaviors are especially problematic in today’s threat environment, as malware delivered through email accounted for a massive number of data breaches in 2016, Verizon found.
Develop effective policies
This seems like an obvious solution. However, many organizations gloss over this aspect and instead attempt to police network usage on a case-by-case basis, assuming that users inherently understand what they should and should not be doing while online. This is an ineffective strategy for numerous reasons.
Employees need baseline guidance on how they should behave while using enterprise hardware and software. The ITRC advises all companies to establish exhaustive use policies that address everything from simple device use to data breach mitigation protocol.
Embrace consistent training
Businesses looking to bolster and expand their data security practices this National Cyber Security Awareness Month should consider adopting new training strategies. Companywide training is the most effective method for getting all workers involved in data security defense activities. In fact, some experts say it is the most powerful weapon against modern hackers, Harvard Business Review reported.
That said, implementing one of these programs is no easy task. Good training costs money. But even the most robust training initiative carries a significantly smaller price tag than the average data breach, which costs more than $3.6 million, according to IBM and the Ponemon Institute. Time usage is another common sticking point, especially among workers who already feel overburdened. However, in today’s technology-driven business world, there are few things more important than protecting critical digital infrastructure that can paralyze business operations if compromised.