Are You Keeping Your CISO Up At Night?
You probably don’t think about it too much. Why would you? You have your own job to worry about. But there are a couple of real easy things you can do to help your security team sleep better at night, so why not check ’em out?
Top security pros say human error and some very normal, common employee behaviors are the biggest risk of letting cybercriminals into your company’s networks. It turns out most of what keeps your Chief Information Security Officer and his or her team up at night is … you.
Well okay, not you exactly, but mistakes you and your co-workers might make that could expose the company to financial losses, damage its reputation with customers, put sensitive plans and data in the hands of competitors or even harm national security in some cases.
In a fascinating study from Proofpoint, 55% of CISOs and CSOs called human error/lack of cybersecurity awareness the biggest risk for their business, no matter what cybersecurity solutions are in place.
Common employee behaviors
According to the experts, these are the most common employee behaviors likely to result in cyberattacks:
- Clicking on a malicious link or downloading a compromised file (43%)
- Falling victim to phishing emails (39%)
- Intentionally leaking data (35%)
- Unauthorized use of devices and software applications (35%)
Interestingly, while these experts were clearly aware of the risk employees pose to the business, 44% admitted they didn’t know who the most at-risk employees in their organization are.
Training and exposure to concept reinforcement is key
So what makes employees less likely to commit potentially harmful security gaffes, in most cases without meaning to or intending harm? Researchers note that ongoing security training is the key.
CSOs and CISOs agree, with 73% saying their organization must improve its employee cybersecurity awareness training. Indeed, despite the numerous challenges facing CISOs, 49% have made it their number one priority this year.
Unfortunately, providing this training looks like an uphill battle. In the study, 54% of respondents said limited time and resources are an obstacle as they attempt to develop an effective program, and 50% don’t believe their board pays enough attention to delivering effective cybersecurity.
Easy things you can do to help
- Be intentional about scrutinizing emails you receive. Something’s off? Double check with IT. Costs you nothing.
- Don’t share work devices with family. It’s a common thing, but the problem is that your family won’t be as cautious as you are.
- Receive a request from someone in the company that’s unusual? It hurts nothing to check in with them by phone or in person to clarify. Criminals love to steal credentials to pretend they are legit.
© National Security Institute, Inc. www.nsi.org