Bitglass recently released their 2018 BYOD Security Report and found that 85% of organizations are embracing bring your own device (BYOD), and in some cases are even allowing contractors, partners, customers and suppliers to access corporate data on their personal devices. But even if you have a solid approach to ID security with your managed devices, you also have to consider the unmanaged devices.
It’s unfortunate, but the “bad guys” are incredibly skilled at crafting convincing emails, and during the holiday season all sorts of creative phishing emails bombard end users, who might think they are getting the latest-and-greatest 55” TV for $200, only to end up downloading malware that can potentially impact everything it touches.
And while TechTarget says most end users “think they know enough about the internet to not fall prey to these attacks, and that the cyberattacks they see in the news couldn't possibly happen to them,” it’s this false sense of security that can ultimately lead to a disastrous breach.
The Verizon 2018 Data Breach Investigations Report also concluded that, “companies are nearly three times more likely to get breached by social attacks than via actual vulnerabilities, emphasizing the need for ongoing employee cybersecurity education.”
It’s stats like the above that are keeping many IT leaders up at night. So, what’s an organization to do? OneNeck CISO Katie McCullough says, “It starts with end-user awareness. That’s your biggest potential for risk. It’s the age-old, phishing is the #1 way to exploit a company, and the bad guys are always going to be out in front of that. There’s always detection and prevention you can do at a technology level, but the more you can educate the co-workers in your business to be savvy and don’t click, even though it sounds basic, it’s these best practices that companies have to constantly reinforce with their end users. They can invest all they want in technology, but if you’re not focused on training and reinforcing that training with your broad co-worker base, all it takes is one click.”
Like anything where the human factor is involved, repetition is crucial, as is the right combination of technology and processes. This can include:
- Annual security-awareness training
- Quarterly updates, blogs and communication to keep it top of mind
- The right mix of security technologies to stop malware and block access to malicious sites
- Anti-phishing training, which enables IT to send simulated phishing emails to employees and expose where they are vulnerable
Ultimately, don’t fall into the trap of, “It hasn’t happened yet, so why should I worry?” It takes a diligent and continuous approach to mitigate constantly evolving security threats. But with a strategy that takes into account those personal devices and continuous employee education, the holidays don’t have to be the scariest time of the year.