The ever-changing landscape of technology solutions has resulted in businesses/organizations being more and more connected. The ability to share information, receive immediate communications and leverage the interconnectivity of business processes has increased the expectations of consumers for ALL organizations, regardless of their size.
Along with escalated connectivity comes escalated risks; in particular, phishing attacks, which recent studies reveal was the top tactic utilized by hackers and saboteurs. Phishing is the attempt to obtain sensitive information, such as usernames, passwords and credit card details, disguised as an electronic communication request from a trustworthy entity.
We all hear about cyberattacks involving higher-profile institutions, but it’s the small businesses and organizations, including nonprofits and government entities, that are the more desirable targets for cybercriminals because of the lack of resources and protection of IT systems.
Email remains the number one vehicle to hack into your system. If you haven’t considered User Awareness Training (UAT) for your employees, you should. An ounce of prevention is worth a pound of cure; an old adage never more relevant than in today’s connected world. Simply put, don’t get hacked or hijacked to begin with. Train your employees on what to look for, ahead of time.
UAT establishes an initial base-line of your user environment; a vulnerability profile is created. Statistics are provided on how exposed your organization is to external phishing attempts. Users are presented a series of interactive training videos that include demonstrations and examples of what to look for and what to avoid. A behind-the-scenes examination on how hackers infiltrate an organization is clearly outlined. Phishing tests are conducted monthly or quarterly (frequency is decided by the organization), continually educating employees, while also providing feedback on improvements. Users that fail to effectively identify phishing emails are automatically enrolled in additional training sessions, all of which can be managed and monitored by the organization’s leadership team.
Mercadien had its first official UAT in January of 2016. Our employees’ eyes were opened to hackers’ creative schemes and easy-to-spot modifications made to email signatures, addresses, etc.
Unlike physical security controls, UAT has proven to be budget-friendly, while also being very effective at reducing risk. Many organizations have seen a reduction in their annual insurance premiums resulting from completed UAT programs.
Nearly all organizations are held to some form of regulatory compliance standard; a common denominator for most institutions is to establish a level of risk management and cyber-threat-prevention. Annual reviews of security controls and adopting UAT programs are rapidly becoming required, not just recommended.
Please contact me at 609-689-9700 or firstname.lastname@example.org for further information on cyber security risks and protection for nonprofit and government organizations.