What you can do to help our organization become cyber-smart.
The most haunting part of 2015’s cyberattack against healthcare provider Anthem Inc. wasn’t that the personal information of 80,000 million consumers was strewn all over the internet, or even that it may end up costing the company upwards of $16 billion. It’s that the attack was about as sophisticated as your average moped. And it still created that much damage.
Make no mistake—the cyberwars are heating up and whether you own a business, work for a business, or simply do business with other businesses, this affects you. You are a target. The only way to avoid a cyberattack on your business is to protect yourself and your colleagues by becoming cyber-smart.
What Can You Do?
Realize our organization is only as strong as its weakest link. It is not the weakness of our technology that is most likely to become our downfall, but the weaknesses and daily actions of you and your colleagues.
In a Los Angeles Times article, Pulitzer Prize-winning financial writer Michael Hiltzik made a singular comment that should instill fear in all of us.
“The means [of the attack] may have been ‘phishing’–using a fraudulent email to trick any of those employees… That’s not a sophisticated technique, but it works. It means exploiting the human element.”
Make that your takeaway. One person, a single employee—maybe even you!—can compromise our organization’s entire network without realizing it, without any ill intent, simply by failing to recognize a suspicious message.
Once you understand that human weakness is your biggest threat to security, you can take steps to prevent it. You need to do more than just spot phishy emails; you must recognize the many ways hackers may attempt to penetrate a system. You must also recognize the scenarios that could lead to compromised data and how to prevent them from taking place.
All of us can be walking security nightmares. We log on to Facebook and into personal email while on company machines. We travel with our company computer, bringing it to off-site meetings, to conferences, to training seminars, and out to lunch (where we may use unsecured Wi-Fi). And if we’re not paying attention, we might misclassify data that we just didn’t recognize as needing special protections.
By regularly reviewing our policies regarding mobile computing safety, records management, password guidelines, responsible social networking, and how to protect and handle data, you will know what to look for and where vulnerabilities lie.
You are one of our greatest assets, but if you’re not well-informed about threats, you can also be the greatest weakness.