It is no longer a secret that the greatest vulnerability within any organization does not exist among the potential weaknesses within their company servers. No. The primary threat to any organization, anywhere, is the end user. A common misconception is that only large, public facing organizations can fall victim to data breaches. Although the largest names do indeed seem to get the most public shaming when their end users cause an attack, see internet governance organization ICANN and the spearphishing attack that they fell victim to in December of 2014. But, this is simply not the case anylonger. Any company of any size can fall prey to malware attacks, data breaches from email or url spoofing, or even social media attacks. In fact, very commonly, smaller organizations are also more likely to become victim to small ransomware attacks.
Preparing your company or organization with end user security awareness training is critical. Whats more, end user security training is readily available, easy to set up and more importantly, relatively inexpensive. For example, Cybrary’s end user security awareness training is set to be priced based on teh number of users within the organization, and sometimes that pricing can be as low as just a few dollars per user. So a company with 100 or less employees does not need to purchase a course that would have previously set them back several thousands of dollars. Instead, a small investment of a few dollars per user, annually, can help them to train and empower their employees and ultimately stabilize that primary threat. Wouldn’t you feel more comfortable knowing that your employees know what to look for in a spoofing attack, or that they know protocol on a potential social engineering target?
Security awareness training not only effects an organization, in making them stronger, but it also helps the individuals who take the training in their homes. As people acquire the knowledge of what to do, and not to do online and with spoofing and malware attacks, they learn to protect themselves at home. It may be surprising, but people still do get tricked into clicking on things that they shouldn’t. People do get tricked by pop-up malware telling them that their computer has been infected, and to call a number. People still do get tricked to provide password, bank account or personally identifiable information by spoofed URL’s and emails. By putting your staff through security awareness training, you are helping to empower them to be prepared for the everyday threats that they not only face at work, but also at home. This, then allows them to provide the members of their family with the same capabilities to avoid these threats.
So ultimately, its time for EVERY organization, of every size to empower their employees and make end user security awareness training a priority!