We encourage organizations to own their role in cybersecurity by starting with the basics, including creating strong passwords and implementing regular cybersecurity awareness training.
While faulty software or a backend development problem can cause noteworthy breaches, the number one reason for a breach is human error by employees. These breaches allow critical data to be compromised, causing a ripple effect of downtime to systems, networks, and devices – or even threatening your reputation with current and potential clients. As mentioned in our blog, Catch a Phish Before It Catches You, the average cost of a data breach in 2020 was a staggering $3.86 million.
Avoid Being a Statistic
A recent study, “Psychology of Human Error,” found that a mistake made by an employee causes approximately 88% of all data breaches. The study also states that nearly 50% of employees are “very” or “pretty” certain they have made an error at work that could have led to security issues for their company.
The risk of a breach caused by human error decreases with regular education and awareness around cyber threats. An organization with a strong cybersecurity and awareness program can answer yes to the following questions from Defendify’s free Cybersecurity Health Checkup:
- Are there written rules on how employees are expected to use company technology devices and data?
- Do employees receive ongoing alerts about new cybersecurity threats, topics, and trends that may impact your organization?
- Are employees regularly tested to see if they might click on bad links or open unknown files in suspicious emails?
- Do your employees receive ongoing, regular awareness training on cybersecurity safety, topics, and best practices?
- Are there cybersecurity safety notices and posters displayed in your facility or shared electronically?
If the answer is “no” to some or all of the questions listed above, it is time to bolster cybersecurity awareness through training and instilling policies throughout the organization. All employees, from the C-Suite to an intern, are responsible for cybersecurity. Many, however, do not know how to identify and respond to an active threat.
Keep Your Data and Password Secure
An alarming number of breaches are due to employees practicing poor password hygiene habits. In 2019 about 80% of data breaches were caused by password compromise. Implementing policies and awareness training around the importance of proper password hygiene will drastically reduce the chances an organization is breached because of human error. Here are a few tips for creating a strong password:
1. Avoid personal information. It’s just too easy to guess. Attackers sometimes use a compiled personal information database to guess passwords more easily.
2. Make it long. When you add characters to a password, the number of possible combinations for a brute force attack grows exponentially. Experts recommend at least 13 characters, but this recommendation will increase as brute force attacks become faster and more advanced.
3. Don’t recycle passwords. It’s important not to reuse a password, no matter how strong. If one account is breached, the first thing an attacker will do is try the same login for other, potentially more critical, sites. The average person reuses each password 14 times!
4. Use Passphrases. A long, strong, and memorable passphrase is one excellent method. For example, use a string of unrelated words, ideally with extra characters (e.g., “hammer-jumping Fuzzy Creator”). Or try a longer sentence like “I want to eat some cotton candy!” You can find a whole lot more from ConnectSafely.
5. Use a password manager. A password manager can create and store strong and unique passwords for each of your accounts. This management system takes the guesswork out of creating a new password for each account and manages all of them in one place.
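The first three tips can be enforced automatically when a password is set. The following is an added example, not part of the original article or any Defendify product; the function names, the character-pool sizes, and the sample personal details and password history are all constructed assumptions.

```python
import hashlib
import math
import re

MIN_LENGTH = 13  # the minimum length recommended in tip 2

# Constructed sample data: details an attacker could look up, and a past password.
PERSONAL_INFO = ["Jordan", "1987", "Rex"]

def fingerprint(password):
    # Stand-in for a reuse lookup; a real history store would use a salted, slow hash.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

USED = {fingerprint("hammer-jumping Fuzzy Creator")}

def search_space_bits(password):
    """Brute-force search space in bits: length * log2(alphabet size).

    This is an upper bound that assumes every character was chosen at random;
    it shows why each added character multiplies the attacker's work.
    """
    pools = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33)]
    alphabet = sum(size for pattern, size in pools if re.search(pattern, password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def check_password(candidate, personal_info, used_fingerprints):
    """Return the list of tips the candidate violates (empty list = passes)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    lowered = candidate.lower()
    # Tip 1: reject anything that embeds a known personal detail.
    if any(len(item) >= 3 and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    # Tip 3: reject a password that was already used on another account.
    if fingerprint(candidate) in used_fingerprints:
        problems.append("reused")
    return problems

if __name__ == "__main__":
    for pw in ["Jordan1987", "hammer-jumping Fuzzy Creator",
               "I want to eat some cotton candy!"]:
        print(f"{pw!r}: {search_space_bits(pw):.0f} bits, "
              f"problems={check_password(pw, PERSONAL_INFO, USED)}")
```

The bit estimate overstates the strength of human-chosen passwords, so treat it as a way to compare lengths rather than as a guarantee.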
Cyber Awareness Reduces Human Error
Implementing regular awareness and education around cybersecurity is essential to reducing breaches caused by human error. Still, it is easier said than done, especially for organizations without a dedicated security team. Creating policies that include proper password hygiene, continuous education, and awareness training takes resources that most businesses simply do not have to spare. But with a comprehensive cybersecurity program, you can instill that continuous employee awareness and institutional knowledge around cybersecurity without dedicating an entire team to the ongoing effort.
More cybersecurity awareness resources:
Cyber Readiness Institute: Secure Sharing Checklist
NCSA: Cybersecurity in A Flash! Ransomware: Response and Recovery
CompTIA: Cybersecurity Advice for MSPs: Keep the Car Doors Locked