[Part 1 and Part 2 of this article appeared in the two previous issues.]
The financial impacts of cybercrime are expected to reach $6 trillion annually by the year 2021. It’s a massive issue facing individuals, governments, and businesses alike. When it comes to the business world, it’s important to train all employees on how your organization handles cyberthreats. As a first step, we recommend training employees on the significance of the threat. Second, we recommend making employees aware of the types of threats that exist. The third step we recommend in establishing your cybersecurity policy and training is to make clear to employees what to do when they discover a potential cybersecurity risk.
Don’t Click!
If an employee sees something that looks like it could be a bogus link or attachment or just something fishy, the employee absolutely should not open or install anything.
Let the Experts Know
Your organization should designate a person (or preferably a group) to handle reported incidents of cyberattacks and suspicious activity. This group can analyze potential threats and either give the “all clear” or take appropriate action to avoid and mitigate threats.
Next Steps
For employees who are not on the cybersecurity response team, reporting suspicious behavior is usually the end of the process. The response team should be tasked with evaluating the severity of any actual breach and taking the appropriate follow-up measures. This may include isolating parts of the network, restoring systems or data, notifying customers or others whose data may have been compromised, notifying law enforcement agencies, and patching vulnerabilities.
Cybersecurity threats are very real and pose a significant challenge for organizations from nation-state governments down to individuals and small businesses. It’s crucial to have a sound cybersecurity policy in place and to effectively train your employees on that policy and how to follow it.