In less time than it takes to finish reading this article, your organization’s internet security could be compromised.

A data breach. It happens in an eyeblink. In mere fractions of a second, massive amounts of data move between locations. And data breaches are on the rise. Bloomberg reports a 40 percent increase in data breaches within U.S. companies and government agencies between 2015 and 2016 alone. Risk-Based Security reported over 2,200 data breaches in the first 6 months of 2017, representing the exposure of over 6 billion records.

You read it right: that’s ‘billion.’ With a ‘B.’

The recent breach at Equifax exposed the personal and financial information of 143 million Americans in a data breach that wasn’t discovered for several months. Considering that Equifax is one of 3 major credit reporting corporations, you may well be one of the people affected.

Cyber breaches come with a price tag. Recent estimates place the cost of the average cyber breach around $1.3 million for large companies. Smaller organizations can expect to pay an estimated $117,000 per incident.

It’s a powerful case for the old saying that begins with ‘an ounce of prevention…’ and prevention begins with training. Here are four practices that can help protect your company from a cyber breach.

    1. Embed cyber security training programs into the culture of the company.Cyber security should be practiced by everyone in an organization. It is the responsibility of every person in the company to practice safe surfing. If company servers are used to access the web in any way, by anyone, a high level of vigilance is vital to the organization’s security. The same is true of any devices that have access to an organization’s intellectual property or data, including laptops, mobile phones or tablets. Security hackers are opportunistic and exploitative. Just as they have no room for conscience, an organization has absolutely no room for complacency when it comes to the security of your data networks.
    2. Incorporate cyber security training programs into the training and development of all employees.Make sure that HR is aware – and pro-active – regarding the urgency of cyber security training programs. New employees should all be trained on the safety of the company’s networks. But existing and veteran employees, supervisors, and managers should all receive training on how to keep an organization secure. A majority of IT professionals say that careless employees are the root cause of cyber security issues. To a potential attacker, an opening is an opening, whether the computer belongs to a sales assistant, a shift supervisor, or a regional manager, or the CFO. And any careless activity on the part of any member of the organization is an invitation to attack. Never fall into the trap of ‘it won’t happen to me.’
    3. Stay current on the latest developments in both cyber security and cyber attacks.Speaking of traps, it’s simply not enough to know that cyber attackers are out there. Vital to a company’s internet security is the practice of staying up-to-date on developments in cyber security training programs. This means knowing – and exercising – best practices, actively using internet security hard- and software, and training all members of the organization to be vigilant. Keep an eye on the latest reports of cyber attacks for a couple of reasons. First, if they attack one of your peers, you may be a target as well. Second, there are always lessons to be learned from a security breach. If you were fortunate enough to survive another organization’s breach, learn from their mistakes. You may discover new actions to take that weren’t obvious before.
    4. Work with reputable and trustworthy partners, such as KMI Learning for your training and Infrared Security, to provide internet security consultation at all levels of your organization.This cannot be over-emphasized. Companies like KMI Learning and Infrared Security understand that cyber security is the responsibility of everyone, from your company’s software and application developers to the end-users of those tools. They are also well-informed regarding the latest developments in the fight against cyber security issues. Consider that a typical organization today is immersed in its connections to the ‘net. Navigating the internet takes guidance, skill, and a deep understanding of the risks involved.

There is no guarantee against a cyber attack. New threats are always showing up. And there is always a risk. But a little common sense, shared with all the members of an organization, together with a dedicated and committed partner in cyber security, will go a long way in keeping the company safe from nefarious and malicious activities.

Check out our cyber security course for all employees. If you employ software developers you’ll want to take a look at our suite of application security courses.

Custom Security Awareness Content

Your company has just endured yet another security breach. One of your employees left an open iPad on a table with friends at Starbucks. One of the friends jokingly sent an email to the employee’s entire department. The contents of that email were, shall we say, colorful.

The thing is you had conducted security awareness training for all employees. How could this employee have made such a silly mistake? Well, first of all the employee might make better choices in friends. But beyond that, why didn’t the training change the behavior? Why wasn’t this employee aware of potential security hazards?

Obviously, security awareness success is an effective combination of implementation of the technologies available to prevent compromises and appropriate human behaviors. While it may be tricky to keep pace with changing technology, it may be even trickier to impact the behaviors that can lead to security issues. Training is definitely a huge piece of this puzzle.

While there are many options available for generic off-the-shelf security awareness eLearning, these courses may not really address the specific security challenges of your organization. At one Financial Services organization, security of systems, processes, and information was critical to the corporation’s success and growth. And, security of clients’ information was a cornerstone of their corporate values. Because of the Company’s business, their security concerns were very specific. The Company faced a challenge: how to formalize these security awareness protocols so that it was easily accessible, consistent, adaptable and applicable across the global population. And, perhaps, most importantly, how to ensure that sharing this information would truly improve behaviors.

Creating an online training program that demonstrated the tools, behaviors, policies and procedures around security requirements provided an exciting, engaging and memorable vehicle for educating the corporate population, scalable and accessible across business units, departments and global offices. KMI Learning developed a series of rich eLearning modules, following a narrative scenario style that provided the underlying security foundation in a compelling way and that is accessible on –demand, to every employee world-wide. Not only that but the courses revolved around a set of characters that were relatable and were in situations that were unique to the Company. Employees saw themselves in these situations. They saw how the policies could and should be applied to their daily work life. They were able to practice decision-making and applying security awareness strategies within the modules with no ramifications for the Company. While these interactions were fun, they were also memorable, easily brought to mind when similar situations arose in real life.

As a result of this Security Awareness program, the Company has experienced a significant, quantifiable, positive change in employee behavior related to security. There has been a significant decrease in security breaches and improvement in routine security measures. And, employees are vested in the series, they anticipate the updates and look forward to seeing in what new situations the characters find themselves.

No longer would an employee not think about leaving an iPad untended!