A FREE Year of Identity Theft Monitoring!
Last week my wife received a letter in the mail notifying her that she had just won a free year of identity theft monitoring! Yes, another organization had failed to protect personal information properly and was breached. As you can imagine, we were thrilled to win something free (please read in your best sarcastic tone). She asked me, “When are people going to start protecting my data?” I didn’t have a response. Those of you who know me understand that not having a reply to something is not normal, and she picked up on this right away. “Are you listening to me?” she asked.
I was listening; I just didn’t know what to tell her, since the answer is really not a pleasant one. I speak to organizations on a daily basis about the importance of securing information and setting guidelines and rules for employees. Of course, without educating the ‘front lines’, those very same employees are often left to fend for themselves.
That’s where most companies fall short, and according to various studies it is probably one of the most important areas: education.
An example that my partner always uses in his talks is this:
An employee is sitting at her desk in the office and a pop-up appears that reads, “Your ABC Anti-Virus is out of date and your system is vulnerable. Click here to update your ABC Anti-Virus now.”
Fill in “ABC” with any popular anti-virus name. Is this legitimate? Do you know what type of anti-virus software your company employs? Most employees who are not connected to IT do not. If you click on the pop-up and it isn’t legitimate, odds are you are now infecting not only your system but the entire company network. That is a small example of the information IT security professionals should be using to educate their employees, and there are hundreds more.
A study by Wombat Security and Aberdeen Group in January 2015 found that boosting cybersecurity education among employees can reduce the risk and cost of a breach by 70%! That is incredible, and something that, as organizations, we must focus on. If your organization is not conducting cybersecurity training at least annually (quarterly is what I recommend), then don’t be surprised when you receive the same letter my wife did… or you’re typing those letters and sending them to your customers, offering them the FREE service. Free for them… very costly for you.