Human Error is a Hacker’s Best Friend – Don’t Be Caught Unaware
In the last two blogs of our email security series, we spoke about the critical role played by email threat protection and email continuity in keeping an organization’s data secure and ensuring uninterrupted workflow when a breach does happen. But do you know what the biggest and most common cause of a security breach is? It is human error.
In 2017, over 90 percent of the security breaches that happened globally were the result of human error (Willis Towers Watson, 2017). What’s more worrying is that, as of 2019, the probability of an organization having a major data breach involving about 25,000 records and an average cost of $3.9 million is 29.6% (Ponemon/IBM 2019). That can be a big blow to large organizations, but for small and medium organizations it could be absolutely fatal. This is precisely why proper security awareness training for your employees is the third and most crucial piece of the email security puzzle.
Well, now that we have established the importance of security awareness training, the next question is, how do you do it right? And given the constantly changing landscape of cyberattacks (phishing, hacking, malware attacks, etc.), how does an organization ensure that its employees are always up to speed? It’s simple: find security awareness training that has the following covered:
1. It is engaging
This might sound cliché, but let’s face facts: however critical your training material might be, if it is uninteresting and unengaging, then the chances of employees retaining it are very low.
2. It prepares you for the real world
Security awareness training in which you just read about a topic (or watch a video on it) and then answer questions is the least effective way of learning about security. The most effective training is one that creates real-world scenarios to learn from. For example, this phishing quiz by Google has interactive questions very similar to actual phishing attempts.
3. It takes into account that no two people or companies are the same
This is where a lot of security awareness training programs fail. They treat all employees and organizations the same way. Effective security awareness training is training that can differentiate between your low-risk and high-risk employees based on multiple factors.
4. It can be customized or personalized
Once the risk scoring has been done, the training module needs to be customized to better train and prepare the high-risk employees for cyberattacks.
At ECHO we take security awareness very seriously, which is why our security partner of choice is Mimecast. Not only does Mimecast Awareness Training cover all of the above, but it will soon start including “de-fanged real phishing attacks” as a part of its training modules. So instead of a “close to real-life but made up” phishing test, you will be dealing with an actual but harmless phishing attack that will just pop up in your email when you least expect it, because isn’t that how phishing truly works? Ready to get your employees security awareness trained? Get in touch with ECHO today!