With many organizations changing from office based to remote work, maintaining cyber security is vital but harder to enforce. Workers from home are targets for cyber criminals who are trying to penetrate organizations through unsecured home networks.
As noted in a recent Cyber Security Intelligence post, businesses usually base their cyber security investments on technology. While technology must be part of the solution, the individual user is the first line of defense. Employees must be trained not to click on phishing emails, to use strong password and to report suspicious activity.
According to a report by certification organization Comp TIA, over half of employees have not received effective cyber security training. 96% save passwords on their devices. Training limited to an instructional video or presentation is too broad to cultivate needed skills for safe operations.
For large organizations, cyber security is an information technology responsibility while training is the responsibility of human resources. If IT does not know how to train, and HR does not understand cyber security, training will be dysfunctional. Small organizations may lack expertise in one or both areas, and not know where to turn for help.
Security training must be more than an annual "check the box" exercise. It must be interactive, engaging and provide employees with real time testing (a challenge in this critical time). Employees need to know that their social security numbers, credit card information and login credentials are targeted by cyber criminals, and know how to avoid their attacks.
We are at the beginning of an electronic revolution - the 4th Industrial Revolution - which is transforming work and society. 3D printing, data driven vehicles, robotics and biotechnology are part of this revolution. As noted in my previous post, quantum computing will increase both the opportunities and the risks.
Cyber attacks in the US cost $650 billion in 2019, with the percentage of businesses targeted going from 40% to 55% in a year. Only 27% of organizations have trained their employees in the last 12 months.
Cyber Security Intelligence will issue a series of reports on cyber training. For more information go to www.cybersecurityintelligence.com.