I’m very excited about our upcoming webinar, “Cybersecurity 2014: The Impact on Global Companies,” with Lisa Sotto. She is a well-known data privacy rockstar and will provide an overview of cybersecurity in 2014, the current state of data privacy legislation and best practices for investigating and reporting a data breach. With data security and privacy being such a hot topic in compliance, I knew I wanted to blog about the importance of data privacy and security awareness training.
Born in 1990, yes, I am a “millennial”. You can check out our VP of Marketing Operations, Cindy Knezevich’s blogs for a better insight on millennials in the workplace… I’m one of the ones who makes her feel old! I won’t lie – I probably have every gadget imaginable. They’re almost extensions of my body. I have no shame in admitting my iPhone goes everywhere with me, even to the bathroom! The age of technology and mobile advances has put so much information at our fingertips that we no longer have to go to those tedious libraries.
We millennials might be tech savvy, but that doesn’t mean we’re all security savvy when it comes to our personal information, not to mention corporate information. With everyone’s information readily available via the internet, there are plenty of chances for potential hackers to access private information. In this age where everything is online, security awareness training programs are a necessity because they change the way individuals think and behave when it comes to sharing and securing information online. In this blog, I will review four cases where security awareness training could have helped save the day, because knowing what to look for is the first step in knowing how to prevent it.
Companies Succumb to Data Breaches
According to an article posted by Forbes, The Wall Street Journal and Vice allegedly got hacked two weeks ago by a Russian hacker named Worm, who was able to extract user information including email addresses and passwords. Like any great con artist, the hacker took to social media to tweet about the breaches and claimed he was selling the information on his personal site.
Another data breach happened recently at a Rhode Island hospital. The hospital experienced a massive data breach where Social Security numbers, dates and patients’ names were compromised. The hospital had to pay $150,000 in attorney fees following the incident.
In a similar incident, a Self Regional Healthcare facility based in South Carolina also experienced a patient data breach. An employee’s laptop, which contained Social Security numbers and financial data, was stolen from the facility. The laptop did include a password, but it was not encrypted.
What I found as a common theme in the last two articles was that most of the time, the breach wasn’t discovered until days after the incident happened. With the right security awareness training, managers and employees can be trained on how to spot a cyber attack the moment it occurs.
To round off my top 4 articles, I came across another article about how passenger jet security systems may be susceptible to cyber attacks. A cybersecurity researcher found a way to access an airplane’s satellite communications through Wi-Fi. Although a cyber attack has not happened, the researcher spotted a flaw in the current security system. Hackers have the potential to mess with a plane’s navigation and safety systems, which could compromise the safety of passengers.
The Importance of Security Awareness Training
The reality is that every technology or security scheme will, or at least can, be bypassed. This is why it is important to advocate defense-in-depth, knowing that you cannot rely upon any single countermeasure. In the stolen laptop incident, managers would need to be trained on the importance of encrypting their passwords as the first line of defense. Employees are the primary target for threats, especially in large organizations, where a single employee’s unencrypted password is more likely to go unnoticed. Security awareness training is critical in teaching employees basic computer security practices. Hackers don’t have to go after the CEO when it is much easier to target a new employee who may not know why having a strong password is required for the organization.
After I started working at The Network, I was informed to always lock my computer when I leave my desk. It is just a small step in making sure our information is secure. I was also instructed about laptop safety when I travel, our corporate remote access policies and other critical security policies.