It is incredibly frustrating for all businesses that, just to operate on a day-to-day basis, we need to invest so heavily in cyber security protection. I feel your pain: as the MD of an IT services company, we too need to constantly militate against security risks that might impact on our business operation and, of course, that of our clients.
Cyber security threats are constantly evolving, and every time a new virus or hack is discovered, companies throw more money at the problem. It’s one area of the IT budget where it’s hard to show any positive ROI, so you may be interested to hear of a security prevention tool that won’t cost you much and addresses the biggest security risk in your business.
Insider Threats: The Biggest IT Security Risk To Business
It is a well-documented fact that the biggest security risk to most businesses, IT or otherwise, is your staff. If you think about it, a large proportion of the spend you are making on security systems is to protect against threats that could be introduced by the actions of your people. The threat may come from outside, but it takes someone inside the company to activate it.
Take, for example, the current wave of attacks using ‘phishing’ or ‘whaling’ emails, which are based more on social engineering principles than on specific technology threats. These emails often appear to come from a reputable source, such as another employee, and may involve several points of contact before the actual attack email. They are convincing, which is why so many companies are vulnerable.
Therefore it stands to reason that if you have a good ongoing awareness-raising and training programme in place, you could keep the costs of security down instead of having to increase your budget every time a new threat appears. In fact, in my experience, as the costs of upgrading IT security systems become ever more eye-watering, the returns in terms of risk mitigation are less.
Your existing IT team or service provider can probably deliver this training for you and it could include:
- Induction training for new members of staff;
- Regular face-to-face training that not only educates staff about security risks but also helps them to understand the implications of specific threats for the business;
- Threat awareness communications to notify employees of new threats and update them on older ones;
- Online training in the form of quizzes that help staff recognise threats such as this one from Cisco.
Your IT partner will most likely be able to devise a training programme tailored to your organisation’s needs.
Don’t let your staff be sitting ducks for IT threats; get that training booked. It will be one of the best decisions you have taken to protect your business this year.