It’s no secret that the weakest point of any company’s cyber security is its people. Making sure that everyone from the CEO to the temps and interns know how to recognize a phishing attack has been a major priority and a headache for IT security professionals. A lack of knowledge among your employees can have some serious consequences. What do these consequences look like? Let’s take a look.
Who is responsible when you’re a victim of cybercrime?
You might be under the impression that you are safe and that you have nothing to worry about. Nothing can be further from the truth. Companies big and small are a target for cybercrime and when it happens, you as a company are responsible for potential data theft and everything that follows.
You may be investigated and clients will question you about what you did to prevent this from happening – and if the answer is not adequate, you can be found liable, facing serious fines and lawsuits. Claiming ignorance is not an acceptable defense, and every revenue loss from your clients will be your responsibility.
Ways that cybercrime can affect your company
One of the worst things that can be done when suffering from a data breach is trying to cover up what has happened. History has taught us that this can lead to expensive lawsuits so being honest with your clients and trying to find solutions is the best way to go.
Honesty can help you keep your clients, because while a data breach is not pleasant, if you keep in touch and help them recover you will be able to keep a good name in the business.
Government Fines, Legal Fees, Lawsuits
Breach notification statutes remain one of the most active areas of the law. Cybercrime and data security laws are hype right now, and companies need to keep up with the changes and make sure they comply.
Everybody, from big companies to SMBs need to make sure they follow the regulations in place to make sure they avoid fines and not only.
Cost, After Cost, After Cost
Each and every data breach or ransomware attack generates cost. First and foremost all the work that needs to be put into solving the issues that intrusion has caused. Second, the loss of sales also piles up to a hefty sum. All the repairs to your systems and your customers also cost, not to mention if you get a fine or a lawsuit from customers the sums can end up putting a company out of business.
According to the Cost of Data Breach Study conducted by Ponemon Institute, the average cost of a data breach is $225 per record compromised, after factoring in I.T. recovery costs, lost revenue, downtime, fines, legal fees, etc. How many client records do you have? Employees? Multiply that by $225 and you’ll start to get a sense of the costs to your organization.
Using YOU As The Means To Infect Your Clients
Some hackers don’t lock your data for ransom or steal money. Often they use your server, website or profile to spread viruses and/or compromise other PCs. If they hack your website, they can use it to relay spam, run malware, build SEO pages or promote their religious or political ideals. (Side note: This is why you also need advanced endpoint security, spam filtering, web gateway security, SIEM and the other items detailed in this report, but more on those in a minute.) Are you okay with that happening?
What can you do to keep safe?
The first step in protecting your organization is having a comprehensive and dynamic cybersecurity solution in place, including protecting your email. There are several in the marketplace, with varying degrees of protection from cyber threats out there. Here at Prominic we typically utilize Proofpoint and Sophos solutions.
However, the most important step you need to take in order to keep safe is training your employees in order to have the tools and knowledge to identify potential threats and respond to them responsibly. Remember, no matter the solution in place, it doesn’t protect you from the human factor, someone clicking on a link or opening an email or an attachment they shouldn’ have, which is increasingly difficult given the constant evolution of phishing and social engineering campaigns out there. As those campaigns become ever more sophisticated, you have to keep up with training on those trends, and testing your employees’ awareness continuously.
A great program SMBs can use is Proofpoint’s Essentials – Security Awareness which delivers the right training to the right people at the right time. It turns your end users into a strong last line of defense against cyber attacks.
Delivering the training your users actually need is the key to a security awareness program
that works. The ThreatSim Phishing Simulations reveal how susceptible your users are
to a wide range of phishing and spear-phishing attacks. With thousands of different
templates across 13 categories, you can assess users on multiple threat types, including:
- Malicious attachments
- Unsafe URLs
- Requests for personal data
You also need to keep your training up to date with the ever-changing threat landscape.
New templates are added every week to make sure current attack trends are included.
Proofpoint’s Dynamic Threat Simulation phishing templates are drawn from:
- Proofpoint threat intelligence
- Customer requests
- Seasonal trends
When a user falls for a simulated attack, they receive “just-in-time” teaching. They learn the
purpose of the exercise, the dangers of real-world attacks, and how to avoid future traps. You can also assign training automatically to anyone who falls for a phishing simulation.
If you want to know more about Proofpoint’s Essentials–Security Awareness and how it can help you keep your company safe, just contact us and we are more than happy to help.