The statistics are staggering and stakes are rising as businesses try to defend themselves and their data from almost constant cybersecurity threats.
Here’s just a sampling of the alarming numbers and trends getting attention during October’s annual National Cybersecurity Awareness Month:
- New attacks using ransomware (a type of malware that holds data hostage unless a ransom is paid) occur every 14 seconds, and experts say the frequency of those attacks surged 77% in the first half of 2019.
- Cybercrime overall is costing the global economy $2.9 million per second, or $1.5 trillion a year. The average cost of a data breach to companies increased to about $1.41 million in 2018, up from $1.23 million in 2017 and enough to cripple many small businesses.
- Company spending on cybersecurity is expected to rise to $124 billion in 2019, up more than 141% since 2010.
- While 4 out of 5 Americans say they are “somewhat” or “very concerned” about being a cyber-attack victim, just 41% say they have cybersecurity software and only 31% say they regularly change their passwords.
Most employers are investing in technology and bolstering data security staff. But the most effective thing employers can do is to educate and train their employees to spot anything suspicious and refrain from opening questionable emails, texts and files without checking with information technology staff, PartnerComm’s Information Security Specialist says. And engaging employees with effective training programs requires clear and consistent employee communication.
Our expert is far from alone. One recent survey found that 50% of cybersecurity professionals believe that inadequate employee awareness is their company’s single greatest security threat.
He says the most important message to communicate is to “just use a little common sense. If it looks suspicious, it might be. Be careful. Get it checked out before you open it.”
Strict procedures, protective computer programs and good training do not make an organization immune to cyber-attacks, and everyone is at risk of being infected at any time.
“It’s like a common cold. They call it a computer ‘virus’ for a reason.” – PartnerComm Information Security Specialist
Implementing effective cybersecurity policies and enacting strong digital defenses are priorities, but employers must ensure employees get the message by communicating clearly and in a creative, engaging way. Among the most effective tips and practices for employees:
- Be suspicious! If you’re not sure whether that text or email or social media post is legitimate, don’t open it. If it’s at work, get it checked out by your information technology staff. The Department of Homeland Security encourages Americans to report phishing and cybersecurity incidents.
- Use security software on all devices. Companies and individuals need to install and use security programs to protect their devices. It’s smart to keep those digital security tools updated.
- Put thought and effort into your passwords. Don’t make your passwords easy to guess by using your name or your pets’ names, because they can often be found on social media. Use a mix of letters, numbers and symbols. And don’t share your passwords!
- Consider using a password manager. Many security experts recommend password managers not just because they store your passwords, but because they also help you generate strong, unique passwords in the first place. Using one helps you simplify this aspect of cyber protection.
- Increase your login protection with dual-factor authentication. This two-step process adds a second way of authenticating yourself in addition to your password. In most cases, it’s a simple numeric code sent to your cellphone, but it can also be a fingerprint.
- Avoid using public wi-fi or Bluetooth unless you use a VPN (virtual private network). Sitting down at your favorite coffee shop and using the free wi-fi can expose you to all sorts of potential trouble unless you protect yourself. The best way to do that is using a VPN. A variety of VPN services and apps are available online.
- Don’t overshare on social media. Don’t reveal everything about yourself on social media. You should especially avoid posting too much detail about finances or children. Hackers, phishers and others up to no good can use that information to defraud you or others.
- Be careful with the Internet of Things (IoT). If you can use devices to connect to your refrigerator, thermostat or security system, so can hackers. And that can provide a gateway to allow someone to digitally break into your appliances and systems — including any security cameras you have set up.
- Be wary of clicking on hyperlinks in emails and texts. Getting unsuspecting people to click on questionable links is a favorite tactic of fraudsters trying to hit you with a phishing, malware or ransomware attack. It’s always smart to hover over links to verify their authenticity and to ensure that URLs begin with “https.” For mobile users, on iOS for example, you can press and hold the URL to preview it.
- Back up your data regularly. Determine what’s essential to keep and identify the data you need to back up. Your backup needs to be kept separate from your computer, on a USB stick or a separate drive or even a separate computer. You also should consider using the cloud.