Following the recent data breach in South Africa, HEINO GEVERS, Customer Experience Director at Mimecast, has outlined three tips for creating an effective cybercrime training initiative essential for companies.
Recent statistics released by Vanson Bourne and Mimecast show that less than half of South African companies are completely confident with the staff training they currently have in place to counter email cyber-attacks. As many as 46% only have some confidence and 6% have very little confidence. This is alarming, given that email phishing or spear fishing is responsible for more than 90% of all breaches.
While it’s essential for companies to invest in security technology to mitigate incursions and limit the damage of successful attacks, it only takes a single compromised email for a cybercriminal to breach an organisation’s perimeter. To ensure that money invested in email-security isn’t going to waste, companies will have to implement an effective awareness and training programme for staff.
Here are a few tips to consider when implementing this programme:
- Recognise the importance of leadership
Select leaders across the entire organisation to champion the importance of cybersecurity. The champion should have the trust and the ear of the executive team and must be able to secure the necessary financial and human resources.
A project leader or manager handles the strategic and tactical work of a team charged with developing and executing cybersecurity communications and training. Build out the team with employees from different departments and at different organisational levels to ensure a diversity of insights during the planning process. This also shows employees that this is truly an all-organisation endeavour.
It’s especially important to have someone from training and learning/human resources and public relations on the team since they are your internal experts on teaching and communicating.
Year-round communication is vital, so the message doesn’t lose its effectiveness. According to the Vanson Bourne and Mimecast research, only 21% of responding organisations in South Africa offer cybersecurity training monthly or more regularly, and more than a third only train employees annually or less frequently than that. It’s up to the champion to keep cybersecurity top of mind, with continuous training, throughout the year.
- Assess your capabilities and understand your risk
A complete audit of your cybersecurity is the best way to understand the kinds of threats your organisation faces and will give you a clear sense of vulnerability. Your IT team may be able to perform these tasks, but it’s crucial that you work with an outside vendor that specialises in email cybersecurity, or cybercrime prevention in general.
It’s important for all staff to be familiar with different forms of cybercrime and to understand how they work. This includes techniques such as ransomware like the infamous WannaCry, whaling and email wire transfer fraud. You need to know what to look for and how to prevent such targeted attacks.
- Focus on the priorities first
It’s important that you develop awareness and training programmes that address known and/or anticipated threats first. That way you can successfully protect your organisation’s network, without putting a large drain on resources. At the same time, you don’t want to create an environment of fear and anxiety, where users think cybersecurity is too big to handle and are scared away from best practices.
A successful cybersecurity campaign can do wonders for your organisation, potentially saving you from disaster. Smart security technology is still your number one priority, but ultimately, your organisation is as vulnerable as your most unassuming end user.