Why cybersecurity awareness is a team sport

January 12, 2021 | Mayleen Menez

cybersecurity awareness

Image Source

This blog was written by an independent guest blogger.

Cybersecurity may be different based on a person's viewpoint. One may want to simply protect and secure their social media accounts from hackers, and that would be the definition of what cybersecurity is to them. On the other hand, a small business owner may want to protect and secure credit card information gathered from their point-of-sale registers and that is what they define as cybersecurity.

Despite differences in implementation, at its core, cybersecurity pertains to the mitigation of potential intrusion of unauthorized persons into your system(s). It should encompass all aspects of one’s digital experience--whether you are an individual user or a company.

Your cyber protection needs to cover your online platforms, devices, servers, and even your cloud storage. Any unprotected area of your digital journey can serve as an exploit point for hackers and cyber criminals intent on finding vulnerabilities. 

People assume that it is the responsibility of the IT Department to stop any intrusion. That may be true up to a certain point, cybersecurity responsibility rests with everyone, in reality.

Cybersecurity should be everybody’s business.

The cybersecurity landscape is changing. With 68% of businesses saying that their cybersecurity risks have increased, it is no wonder that businesses have been making increased  efforts to protect from, and mitigate attacks.

During the height of the pandemic,  about 46% of the workforce shifted to working from home. We saw a surge in cybersecurity attacks - for example, RDP brute-force attacks increased by 400% around the same time.

This is why cybersecurity must be and should be everybody’s business. According to the 2019 Cost of Cybercrime Study, cyberattacks often are successful due to employees willingly participating as an internal actors or or employees and affiliates carelessly clicking a link by accident.

Sadly, it is still happening today. Unsuspecting employees can be caught vulnerable and cause a corporate-wide cyberattack by opening a phishing email or bringing risks into the company’s network in a BYOD (Bring Your Own Device) system.

Just a decade ago, Yahoo experienced a series of major data breaches, via a backdoor to their network system established by a hacker (or a group of hackers). Further digital forensic investigation shows the breach started from a phishing email opened by an employee.

Another example was Equifax when it experienced a data breach in 2017 and was liable for fines amounting to $425 million by the Federal Trade Commission (FTC).

Companies continue to double up on their investments in cybersecurity and privacy protection today to ensure that incidents like these do not happen to their own networks. But a network is only as strong as its weakest link. Hackers continue to innovate, making their attacks more and more covert, sophisticated, and damaging.

Recent changes in cybersecurity

One of the recent changes in how hackers attack is to shift from harvesting information to disruption of information integrity, which can lead to the company’s destruction. It is an alarmingly dangerous ploy, usually by ransomware attackers.

Many well-known companies and brands that became victims of data breaches have efficient IT teams. Yet most intrusions came through something as simple as a phishing email opened by a staff member while connected within the private network.

From this initial infection, the hacker may be able to gain re-entry into the system by leaving a back door open. The hacker could use this backdoor to repeatedly search the network and servers for information that they could harvest.

With this in mind, the onus is on companies to ensure employee awareness of cybersecurity threats. Yes, there are advanced software solutions protecting a company's sensitive data, but cybersecurity experts agree that the human element is a weak link in the security chain.

And so, building cybersecurity awareness within the staff must be prioritized. Staff training is crucial so they too are prepared for a data breach or malware attack. Everyone is a possible target for a data breach. Being aware of this, one should know the latest cybersecurity threats created to target users and system vulnerabilities.

Sometimes you may not even be the primary target, but your connection is a way to access others who will most likely open an email that comes with your name attached to it. From there, a hacker may be able to attach an infected file or document.

Common cybersecurity awareness tips

  • Choose to use safe, secure, and private connections. Only connect and exchange files within these connections, and only with those you trust also within a protected connection. There are a lot of VPN solutions you can choose from to aid in this.
  • Never open or access sensitive data over a free public WiFi connection. Public free WiFi is an unsecured location because appropriate security measures may not exist.
  • If you are handling sensitive information, encrypt your data and make more than one back-up, both in your server and a cloud storage solution you trust.
  • If you access sensitive information using a particular device, run your preferred security software on it. Also, make use of potent passwords to be able to open your device.
  • Think before you post anything online. By sharing too many details about yourself, you may be putting yourself, your family, and your company at risk.
  • Use two-factor (2FA) authorization for increased security. It may be cumbersome, but it should be a norm given the intensity of compromised security access attacks.
  • Regularly update your apps and software to get the latest features, patches, and fixes for any detected vulnerability in the software's security.

Conclusion: Establish cybersecurity awareness protocols

Ensuring data authenticity and secure touchless solutions creates trust between the company and the customer. Without building cybersecurity awareness within an organization, the company puts itself at unnecessary risk and damages.

This is why cybersecurity awareness is an integral part of any security protocol. A clear awareness of cybersecurity will minimize attacks caused by carelessness or ignorance. Everybody needs to be proactive in protecting their data from unauthorized views and misuse.

Data stability, integrity, and storage will be heightened when there is increased cybersecurity awareness across the organization, where individual users think of the whole in all their digital activities. The whole team is also involved in ensuring stored data is complete, accurate, and uncompromised.

Mayleen Menez

About the Author: Mayleen Menez

Mayleen Meñez worked in media for almost seven years in TV, radio, and post-production as a Graphic Artist/Editor. Finding her true passion for NGO and community development work, she devoted 15 years as a coordinator and teacher, travelling both in the Philippines and countries in Asia. She homeschools her three kids and reinvents Filipino dishes in her spare time. Writing has always been a hobby and pursuit, and she recently added content writing with Softvire Australia and Softvire New Zealand up her sleeve, while preparing for her next adventure in the nations.

Read more posts from Mayleen Menez ›

‹ BACK TO ALL BLOGS

Get price Free trial