Studies show that 86% of cyber attacks and scams are triggered by employees themselves.

If you use physical security measures to protect your employees, and the interests of your company to mitigate the risk of an accident, why are we not applying this same concept to the safe use of our technology services that are also critical to operational success of our companies?

For example:

If you hire an employee to use special machinery, the typical process of a company is to offer training before allowing the use of that work tool, right? Human Resources personnel and the Department Supervisor design a training protocol to ensure that the employee knows how to properly use their work tools.

So why do we treat technology tools so casually?

The skills of our employees should no longer be limited to knowing how to use Microsoft Office, send an email, or scan a document. The reality is that the digital world has transformed how we work, connect, and serve our clients, and so should our defenses when it comes to using technology tools.

Don’t you think that it is an important part of the hiring process that a company provides its employees access to informative talks on cyber security so that they can better identify, avoid, and report the constant cyber attacks that fill our e-mail boxes every day?

In this newsletter, we talk about the importance of educating your employees and adopting policies that optimize your company’s cybersecurity posture.

Point 1: 

Do you remember the recent incident that occurred at the San Juan dock that left several sectors of the country without supplies for the manufacture, operation, and distribution of merchandise?

That incident was caused by a strike. But, a cyber attack can have the exact same effect: it can leave your business unable to operate, manufacture, or provide services to your customers.

Cyber ​​risk affects the entire company. It has an impact on business activities at all levels and can be a driver of other significant risks, such as reputational damage, damage to operations, and regulatory breaches.

The Role of the Board of Directors and Senior Management in Cyber Risk Education:

• An organization’s ability to successfully mitigate and respond to cyber risk requires conscious oversight by the board of directors. The Board, in turn, needs to ensure that senior executives thoroughly understand this dynamic cybersecurity topic to inform Boardroom discussions.
• All Boards need to educate executive management on these cyber risk topics in order to translate technical and tactical details about cybersecurity into business terms, such as the risks, opportunities, and strategic implications. 

Look at it this way:

How much can a cyber attack cost your business if your clients’ confidential information or internal documents are leaked? 

On the other hand, how much would it cost you to implement policies and technology that help your business mitigate the risk of a cyber incident occurring?

Point 2: 

What senior executives and business owners should know about the cyber threats that could affect their businesses. 

Senior executives should ask the following questions about potential cybersecurity threats:

1. How might cyber threats affect different functions of my business, including areas such as supply chain, public relations, finance, and human resources? 

• That is, if our supplier suffers a cyber incident, or hacking, and the inventory and fleet systems do not work, how will it affect my business if I do not receive the materials I ordered?
• If it is my company that suffers the cyber incident, how will my business be affected if that news is released to the public? 
• Are customers going to trust you and continue to do business? 
• Will the client be able to terminate the contract and seek to work with your competition? 
• Can your business overcome lost revenue if you can’t bill, process payments, or collect payments because the online systems can’t be accessed?

2. What types of critical information could be lost due to a cyber breach? 

• For example, trade secrets, customer data, investigative reports, and personally identifiable information (PII). Do penalties apply for non-compliance by a regulatory agency? (PCI, HIPAA)

3. How can my business build long-term resilience to minimize our cybersecurity risks?

• Do you have an incident response and mitigation plan? If you have a plan in place when was the last time you tested it? 
• Are you sure that your employees or the departments indicated in the plan have a clear record of the response tasks and the order in which they should be carried out to mitigate a critical cyber-attack incident?

4. In the event of a critical and sensitive cyber incident within the company, to whom do my employees exchange this information?

• Public Relations
• Lawyers
• IT Employees, Human Resources, Operations, and Compliance. And if applicable, the external company that provides managed IT services.
• All of these people play a very important role in the agility of response and mitigation of these delicate cybersecurity situations that your company may face.

Point 3: 

Valuable Tips on How to Create a Company Culture to Reduce your Cyber Risk

As users of your company’s digital equipment and systems, employees play an essential role in your company’s Cyber ​​Readiness Culture. Your task as a business owner is to develop cybersecurity awareness and vigilance within your workforce.

What actions can leaders take to create a company culture that has the tools to reduce cyber risk?

• Develop a culture of awareness to provide your employees with the knowledge to make good decisions online, on web pages, and on social networks.
• Learn about the cyber risks like phishing and scams such as business email compromise and showcase examples of fraudulent emails so that employees can discern to their best ability whether an email is authentic or not.
• Maintain awareness of local events and current news related to cybersecurity. Take the opportunity to understand how the incident occurred and use those lessons learned to protect and defend your company.

___

Source: ONUVO