Security Training: A Key Element of a Strong Cyberrisk Prevention Program
Posted on February 3, 2020 by Mike Beagles
According to a recent report by CrowdStrike, cybersecurity threats to state and local governments increased in sophistication in 2019. While there have been improvements in how government agencies detect attacks, assailants continue to be relentless and inventive in their efforts to find IT infrastructure gaps that can be exploited. In a highly complex digital environment full of cybercriminals looking to exploit your organization’s vulnerabilities, a self-inflicted wound can be especially frustrating.
As IT departments look to implement more solutions to protect their organization, one of the most important strategies comes from within: employee awareness training. Take a proactive approach to training your employees on these three cybersecurity best practices, at a minimum.
1. Password Management
Using strong, unique passwords is a simple and effective way for everyone to keep their online accounts secure. Unfortunately, despite numerous warnings and seemingly unending headlines about new, devastating data breaches, people are often unwilling to adopt this practice in their daily lives. Yet 81 percent of hacking-related breaches are a result of either stolen or weak passwords, according to a recent Verizon Data Breach Investigations Report.
In a 2019 year-end rundown, security researchers compiled a list of the worst commonly used passwords. Predictably, “12345,” “test1,” and “password” all made the top five most popular passwords. Other passwords included simple number combinations, popular female names, and horizontal or vertical runs of letters or numbers on a QWERTY keyboard.
One simple step employees can take to improve their organization’s defensive posture is learning how to build strong passwords. Coupled with other easy-to-use features like two-factor authentication, strong passwords promote a robust defense of the digital environment.
2. Phishing Awareness
Employees often fall for phishing attacks containing a malicious attachment that ultimately infects the entire public safety network.
Despite your best efforts at implementing cybersecurity software, some phishing emails will inevitably make their way into your employees’ inboxes. Fortunately, these emails do no harm until employees act on them. Comprehensive awareness training on how to recognize these threats can equip all employees to identify and neutralize them. It’s a low-effort, high-impact form of defense that can make a significant difference to your company’s data security efforts and, ultimately, your ability to avoid operational disruptions caused by cyber incidents.
3. Proactive Cybersecurity Discussions with Partners
Third-party partnerships are becoming increasingly important in today’s government environment, yet they can introduce cybersecurity vulnerabilities. It’s estimated that more than 60% of data breaches involve a third-party exposure. Consequently, cybersecurity should be a top priority when considering partnerships, information sharing, or other collaborative opportunities.
Educate your employees on the importance of having this discussion with partners and vendors.
Public safety agencies of all sizes must prioritize the awareness training that can render cyber-attacks useless. With the cost of a data breach continually increasing, addressing this vulnerability can be one of your agency’s best investments. MCP offers a comprehensive cybersecurity solution designed specifically for public safety and other mission-critical organizations. A key element of this solution begins with employee training. We can help you incorporate regular training into your education plan, and prevent attacks originating from a self-inflicted wound. Contact us today to learn more.