Planting Seeds: Cybersecurity Education
Despite the financial industry's recent strides in improving cybersecurity policies and safeguards, we hate to admit it, but human error tends to be the weakest link in any defence practices a firm has in place. Employees who are ill-informed about cyber threats and potential risks fly under the radar and can open the malware floodgates with one click on a spoofed email.
Unbeknownst to the employee, upon releasing the mouse he or she has guided hacktivists into the company's network, exposing business-critical information, financial records, and passwords. But that's just the beginning. The quantity and severity of subsequent damages are limitless, but so are the firm's opportunities for improvement.
Let's rewind to the beginning: after the malicious email has arrived, but before the click. An employee who has been educated on cybersecurity and internal policies through company-mandated training programs would carefully analyze the message before opening it. This means checking who the email is coming from, whether the subject line looks "spam-like", whether links in the email appear to navigate to an unknown URL, and more. If the individual doesn't sense any red flags in the email address, subject, or sender, then he or she may proceed to open the email. Once it is open, the employee can check further: whether the logos are legitimate, whether the message makes outlandish requests such as asking for money via a wire transfer, whether it contains spelling errors, and where its URLs lead when hovered over, as many cybercriminals will alter just one or two letters from the authentic address. Having performed this due diligence, the employee would then verify the email's legitimacy with the proper departments.
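The sender and hover checks described above can also be automated at the mail gateway. The following is an added example, not part of the original article: it flags a sender or link domain that sits one or two letters away from a trusted domain, and a link whose visible text names a different domain than its destination. The trusted domains, function names and sample messages are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: the firm's own and partner domains (constructed sample values).
TRUSTED = {"examplebank.com", "example-payroll.com"}
LINK = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def base(host):
    # Simplification: treat the last two labels as the registrable domain.
    return ".".join(host.lower().split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the trusted domain this one imitates (1-2 edits away), else None."""
    domain = base(domain)
    near = [g for g in sorted(TRUSTED) if 0 < edit_distance(domain, g) <= 2]
    return None if domain in TRUSTED or not near else near[0]

def red_flags(sender, html_body):
    """List the reasons a message deserves a second look before any click."""
    flags = []
    sender_domain = sender.rsplit("@", 1)[-1].strip("> ").lower()
    hit = lookalike_of(sender_domain)
    if hit:
        flags.append(f"sender domain {sender_domain} resembles {hit}")
    for href, text in LINK.findall(html_body):
        host = (urlparse(href).hostname or "").lower()
        hit = lookalike_of(host)
        if hit:
            flags.append(f"link host {host} resembles {hit}")
        # The "hover" check: does the visible text name another domain?
        shown = re.search(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", text.lower())
        if shown and host and base(shown.group(0)) != base(host):
            flags.append(f"link text shows {shown.group(0)} but goes to {host}")
    return flags

# Constructed sample message: digit "1" for "l" in the sender, "rn" for "m" in the link.
PHISH = ("Accounts <billing@examp1ebank.com>",
         '<a href="http://login.exarnplebank.com/verify">www.examplebank.com</a>')
```

A gateway check like this supplements the employee's own inspection; it does not replace verifying the request with the proper departments.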
Firms that plant seeds at the early stages of employee onboarding by implementing mandatory security training not only foster education, but also help reduce the opportunities for an internal breach. Additionally, firms that develop multiple layers of security, Written Information Security Policies (WISPs) and incident response plans are far more likely to recover quickly and experience marginal loss should an incident occur. Although evading cyber threats entirely is impossible, a firm's continued success requires that it develop strong cybersecurity programs both internal and external to the firm. By building a strong human firewall, your firm will be that much closer to mitigating security breaches, as hackers today are more sophisticated than ever.