Risks associated with the lack of employee awareness programs
Once-per-year general security training sessions to meet compliance requirements aren’t going to be enough to build a culture of security.
Threat ignorance is a concept used by security professionals to determine how vulnerable a company’s or user’s computer or system is to an attack. The idea stems from a user’s lack of understanding of how to take basic security precautions.
In a world where 90% of global organisations surveyed said they had been targeted by business email compromise (BEC) and spear phishing attacks, a study assembled data from nearly 50 million simulated phishing attacks, third-party survey responses by security professionals in Australia, France, Germany, Japan, Spain, the UK and the US, and 3,500 working adults.
It found that the majority of people in general failed to observe the basic principles of cyber security hygiene. For example, 45% admitted to password reuse, more than 50% did not password-protect their home networks, 32% were unfamiliar with VPNs, and 90% used their work PCs and smartphones for personal activities.
Recognition of common security terms, such as malware, phishing and ransomware, was also found to be lacking. Only 61% could correctly define phishing, and only 31% malware, exposing both a knowledge gap and a language barrier for security educators. Recognition also varied wildly between age groups. Lack of employee awareness programs is a key factor in increased employee risk to any organization.
Where appropriate employee security awareness programs were undertaken, the effects were noticeable, with 78% of surveyed organizations saying they had seen “measurable reductions” in phishing susceptibility as a result.
A high number of attacks start with an external party reaching an employee in your network over email (email phishing). The attacker can then perform all kinds of malicious actions (holding your data ransom, getting money transferred to them, etc.). We can provide you and your employees with an education campaign on how to be vigilant about suspicious emails as part of a wide and engaging employee awareness program.
Through different methods and solutions that meet your organization’s specific needs, we can custom-tailor phishing attempts and training programs, with statistics and metrics that show improvements and positively reward good employee security awareness. We are happy to share our solutions and services around employee awareness programs with you; we are a phone call away.