Cybersecurity Hygiene Basics Every Employee Should Know

Seventy percent of chief information security officers feel their company is at risk of a major cyberattack in the next 12 months, according to the most recent “Voice of the CISO” report. It’s a dramatic increase from 48% just two years earlier. And the biggest Achilles’ heel? Your workforce. More CISOs than ever—80%—see human risk, in particular negligent employees, as the most serious vulnerability.

Cybercrime is big business. Cybersecurity Ventures suggests it could cost the global economy as much as $10.5 trillion this year, up from $3 trillion in 2015. Steve Morgan, editor-in-chief of Cybercrime magazine, says, “This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.”

So, what can you do to prevent cybercriminals from enriching themselves at the expense of your organization? Jennifer Gregory, writing in an IBM publication, says: “Reducing human cybersecurity risk is not simple. You can’t launch a single program or training that fixes the issue. Instead, organizations must take a holistic approach that creates a culture of cybersecurity and empowers every employee to think of cybersecurity as their job.”

I totally concur, and wish to share the specific measures I find most effective in providing cybersecurity services to wealth management companies across the country.

Manage passwords properly.

Weak or reused passwords are one of the leading causes of data breaches. Encourage employees to formulate strong passwords that are at least 12 characters long and include a mix of uppercase and lowercase letters, numbers and symbols. Don’t use information that could be easily guessed like a birthday, your pet’s name or a series of numbers—1,2,3,4,5,6. And definitely don’t use the word “password.” Yes, some people still do that.

Furthermore, warn teams against reusing the same password across work and personal accounts—that compounds the risk when someone gets compromised. Do use a password manager tool, which generates and stores unique passwords securely for each account. And enable multifactor authentication—thereby adding an extra layer of security.

Recognize phishing attempts.

Phishing emails, texts or messages have become increasingly sophisticated, and by mimicking real co-workers or company messages with surprising accuracy, they trick users into sharing credentials or clicking malicious links. Be wary of unsolicited messages, especially those urging immediate action such as “Your account is locked!” Check sender email addresses for subtle misspellings. It’s easy to mistake support@gmali.com for the real support@gmail.com. Hover over links (without clicking them) to verify their destination. One moment of inattention can lead to major security breaches.

Safely browse the web.

The internet is a treasure trove of information—and a minefield of threats. Only visit websites with https:// and a padlock icon in the address bar indicating encryption. Avoid entering sensitive information on unsecured sites. For work-related tasks, stick to approved platforms rather than third-party tools. Browsers like Chrome, Firefox and Edge offer built-in protections against malicious sites.

Employing a secure access service edge (SASE) solution, which is a cloud-based firewall that lives on your devices, further bolsters your level of security on the web. No matter where you are, a hotel, a coffee shop or your mobile hot spot, you are always connected to a secure virtual firewall that offers seven-layer encryption. It’s extremely important for remote workers and go-getters who are trying to work outside of the office. And it’s far less clunky than your outdated VPN. Finally, don’t forget to clear your browser’s cookies and cache monthly, especially on shared or personal devices used for work.

Resist finger-pointing.

Half of employees fear repercussions from their organization if they report a security mistake, according to a survey by ThinkCyber. It’s important, therefore, to not penalize employees for honest mistakes and to encourage them to admit errors so prompt remedial action can be taken before further damage happens.

Provide regular training.

Cybersecurity is not a “set it and forget it” issue. Threats evolve constantly, and staying up to date is vital. Make sure that employees understand and follow cybersecurity and data protection policies. Conduct training on a regular basis—perhaps every four to six months—so that everyone at every level in the organization understands the need to stay vigilant against cybercriminals. Make the training interactive and engaging. Hiring external cybersecurity experts can also add credibility to the training.

Final Thoughts

Cybersecurity hygiene is a shared responsibility. While firewalls and antivirus software are important, human behavior is often the weakest link in the security chain. By implementing strong password practices, recognizing phishing attempts, browsing the web securely, encouraging open reporting of mistakes and investing in regular training, organizations can significantly reduce human-related risks.

By understanding and applying these basic cybersecurity practices, employees can significantly reduce the risk of breaches and protect both their personal information and their organization’s critical assets and reputation.


Alles Technology
