There are lots of things to be aware of in October, with 31 days of recognition for everything from breast cancer and dental hygiene to the equally weighty issue of squirrel awareness. In addition to these and many more observances, October also serves as Cyber Security Awareness Month.
Cyber security is a major issue in today’s interconnected world, with 50,000 new security threats emerging each day. According to the 2012 Data Breach Investigations Report, there were roughly 855 major data breaches recorded around the world in the previous year. It may not sound like much, but these breaches resulted in roughly 174,000 compromised records that cost companies billions of dollars.
As organizations develop security strategies to protect sensitive proprietary or customer information, the majority of dollars and hours are spent on technology, which in fairness makes a lot of sense. Anti-virus programs, encryption software, and other digital theft deterrents are essential. But there’s a far more vulnerable area that receives far less attention . . . people.
Cyber security starts with behavior change.
It may come as a surprise that with all the advancements in technology, one of the most effective methods of “hacking” is good old-fashioned trickery. In the world of security it’s called social engineering, and it refers to deceiving and influencing someone into sharing access-granting information. It could be an email that releases malicious code when opened, a charming phone call that induces an employee to share a password, or even a free hardware delivery that’s loaded with malware.
Sadly, there’s no computer program that can protect organizations from these kinds of attacks. The best protection is equally old-fashioned: education. Implementing behavior change training to create awareness and vigilance among employees is one of the most effective information security safety measures an organization can take.
Simple lessons can lead to iron-clad behavior change.
Where do you start? At the beginning. When it comes to social engineering, nothing is so small or so trivial that it can be overlooked. Employees should be trained to never give passwords or authentication information to anyone they don’t know personally. To never accept gifts from an unknown entity. To avoid posting any potentially sensitive information to social networks, no matter how innocent it may seem.
Teaching people to protect themselves from social engineering often seems like a course in using common sense. In truth, it often is. But a moment of carelessness is all an experienced hacker needs to gain entry into your network and all the treasures it contains.
So as you continue to observe and celebrate Cyber Security Awareness Month, take a moment to determine the role behavior change currently plays in your cyber security strategy.