With the rise in remote work, companies and organizations need to update their security policies and controls. According to IDG’s 2021 Global Intelligence Report, 67% of organizations expect their security budget to increase this year. However, despite the increased security, key gaps remain, and additional policies need to be implemented for the remote workforce.
Be Aware of Holiday Inspired Phishing Emails
It’s unfortunate, but the “bad guys” are incredibly skilled at crafting convincing emails. During the holiday season, all sorts of creative phishing emails bombard end users, who might think they are getting the latest-and-greatest 55” TV for $200, only to end up downloading malware that can potentially impact everything it touches.
And while TechTarget says most end users “think they know enough about the internet to not fall prey to these attacks, and that the cyberattacks they see in the news couldn't possibly happen to them,” it’s this false sense of security that can ultimately lead to a disastrous breach.
Educate Your Staff to Watch Out for Phishing Attempts
It’s stats like the above that are keeping many IT leaders up at night. So, what’s an organization to do? OneNeck CISO Katie McCullough says, “It starts with end-user awareness. That’s your biggest potential for risk. It’s the age-old, phishing is the #1 way to exploit a company, and the bad guys are always going to be out in front of that. There’s always detection and prevention you can do at a technology level, but the more you can educate the co-workers in your business to be savvy and don’t click, even though it sounds basic, it’s these best practices that companies must constantly reinforce with their end users. They can invest all they want in technology, but if you’re not focused on training and reinforcing that training with your broad co-worker base, all it takes is one click.”
Key Steps to Prevent Cyber Breaches at Your Organization
Like anything where the human factor is involved, repetition is crucial, as is the right combination of technology and processes. This can include:
- Annual security-awareness training
- Quarterly updates, blogs and communication to keep it top of mind
- The right mix of security technologies to stop malware and block access to malicious sites
- Anti-phishing training, in which IT sends simulated phishing emails to employees to expose vulnerabilities
Ultimately, don’t fall into the trap of, “It hasn’t happened yet, so why should I worry?” It takes a diligent and continuous approach to mitigating constantly evolving security threats. But with a strategy that considers those personal devices and continuous employee education, the holidays don’t have to be the scariest time of the year.