Don’t Help the Hackers!
Data breaches and cybercrime are in the news, each day a new headline about a major cyber security incident. Even as organizations spend millions of dollars on cyber security technology, sensitive data are being compromised by hacker groups. As cyber security experts become smarter, experienced cyber criminals work to stay a step ahead. New online security threats seem to emerge overnight – phishing, social engineering, and ransomware to name a few. These schemes are increasingly sophisticated and harder to recognize.
Reducing human error is one way to significantly mitigate your cyber risk. Let’s face it; people are going to make mistakes. According to leading industry and government reports, over 90% of all cyber attacks are successfully executed with information stolen from employees who unwittingly give away system access to hackers.
Some of the common errors that employees make are:
- Using a weak password
- Sharing passwords with other colleagues
- Careless Data Handling
- Sending sensitive data via email by mistake
- Accidentally deleting files
- Inadequate Software Security
- Disabling system security features
- Neglecting system updates
- Low Security Awareness
- Clicking on malicious email links
- Using or downloading unauthorized software
- Plugging in unknown or unsecure devices like flash drives
- Ineffective Data Access Management
- Too broad employee access privileges
- Unprotected data files
So what does this mean for your agency? The longer it takes to address the human error of data breaches, the more exposure of falling victim to a cyber breach. Several best practices can be implemented right now to greatly reduce your risk:
- Frequent Mandatory Trainings – Training should include how to recognize a phishing email, creating strong passwords, avoiding dangerous applications, transporting information outside the organization, and other relevant user security risks. Keenan SafeSchools contains online training courses available: Password Basics, Cyber Security Overview, and Protection Against Malware.
- Create a Cyber Security Policy – Make sure your agency has a manual that documents step-by-step procedures, especially for deleting outdated files.
- Breach Response Plan – Preparation is the best defense for handling a cyber breach incident. Draft a breach response plan and then test it. A response plan is only effective if it is tried and true.
- Encryption – As more users store sensitive agency data on their laptops, mobile devices, and portable storage devices, the risk of loss or theft increases. Require that these devices be encrypted so that the files they contain cannot be accessed by unauthorized persons.
Cyber security threats evolve with more technological advancement. It is up to all agencies – public and private – to advance in this digital age. It has become too risky to have a “I’ll get to that tomorrow” mentality on cyber security policies, raising the likelihood of their data breach appearing on the front page of the next day’s newspaper.
About Kyle McKibbin
Kyle McKibbin is an Account Executive serving customers based in our Oakland office. Kyle has specialized in cyber security coverage and risk management among other property and casualty programs.