Years ago, Information Technology experts pushed the industry aggressively towards adopting firewalls to secure data environments. Today, they are ubiquitous. Even the router from your internet service provider contains a firewall.
As is always the case, bad actors responded by finding another weak point to exploit. Unfortunately, what they’ve discovered is a persistent issue that requires a fix far more complicated than installing a hardware piece: people’s inherent weaknesses.
Training people to have a security mindset takes persistence, repetition, testing, monitoring, accountability, and a top-down culture of responsibility with senior leadership support. The task can be overwhelming, but a robust security training program is required for doing business in most industries. We increasingly see contracts and agreements that contain language requiring the company to establish and maintain a training program. This trend is based on reality as the number of data breaches continues to accelerate. No one wants to see their business impacted by such a preventable public mistake. Reputational damage is very difficult and sometimes impossible to recover from. It is estimated to be 25x more expensive to recover a customer who has left due to loss of confidence than it is to retain them. As such, prevention is key.
OmniFund uses a mixture of internal and 3rd party training tools to keep our employees trained and tested on the latest trends in cybercrimes, hacking, phishing, account takeover, and CEO fraud. We’ve found that people can be trained to be inherently suspicious of the most common methods hackers use to infiltrate a business or exfiltrate money or data. In our experience, a cybersecurity awareness program, coupled with training, testing, and monitoring, has been crucial to the security of our customers’ data and the stability of our company.
By nature, humans are trusting, accommodating, and reactive. Company leaders need to take action today to strengthen the human element in their IT security model. As a great author once wrote: “Tomorrow is too late, yesterday is over, and now is exactly the right moment. So start!”
If you need to design a training solution or would like help improving an existing one, we recommend you reach out to one of the many 3rd party providers in the industry to discuss what tools and services they offer. eSecurityPlanet published a great piece on how to get started, and a list of training vendors is included at the bottom of the article.
We wish you luck on your cybersecurity training journey. If we all work together, we can keep our customers and our companies safe!