One of the most common misconceptions about cybersecurity is that small- and medium-sized businesses (SMBs) don’t need to worry about cyber-threats or attacks. This simply is untrue. Over the last few years, more than 70 percent of the organizations that have lost money to cyber-crime have been SMBs. Make no mistake: Small businesses are a big target. There are many reasons for this, but one of the most prominent causes is a lack of training and awareness among employees. People are the biggest threat to an organization’s security. But you can make your people your first line of defense.
Who?
Every person – from the president & CEO, and chairman of the board to the custodians, cashiers and administrators – should receive cybersecurity training and be held accountable for following all security policies. It is important to note that almost half of the losses associated with cyber-crime have been attributed to insider fraud and carelessness.
Given how widespread the usage is of personal devices among employees, on and off company premises, bring-your-own-device (BYOD) security policies must be addressed, as well. This is particularly true when employees use personal devices to conduct company business – including accessing work email accounts. Any device that connects, even sporadically, to company systems and accesses business data can be targeted by cyber-criminals and should be subject to specific security requirements.
Please click here to read the complete blog post and to contact OSAE Affiliate Member thinkCSC, a recent presenter at the OSAE 2017 Association Leadership Summit.