#MIDDLEBURY
By JUSTIN GOLDEN
Sometimes perception is reality. Oftentimes, it is not. An example is from a survey completed by the Horton Group in Chicago for Assurex Global.
The perception is “cyber crime only happens to large companies.” The reality is phishing campaigns (which attempt to gather confidential information such as social security numbers, credit card information and passwords by appearing to be a “trusted” entity in an email communication) target small businesses 43 percent of the time, and 22 percent of small and mid-sized businesses reported cyber attacks.
The perception is “My business isn’t a target.” The reality is any business in any industry can be targeted. The top three sectors breached by cyber attacks in 2015 were 1) services 2) finance, insurance and real estate and 3) retail trade.
The U.S. Department of Justice calls cyber crime one of the greatest threats facing our country.
While businesses and individuals try to reduce their vulnerability to cyber criminals by investing in the latest hardware and software to combat hacking, another element needs to be examined. That is the human element. In some cases, it’s ultimately the most crucial factor.
An article in the September 2015 Harvard Business Review, “Cybersecurity’s Human Factor: Lessons Learned from the Pentagon,” states “the vast majority of companies are more exposed to cyber attacks than they have to be. One key lesson of the military’s experience is that while technical upgrades are important, minimizing human error is even more crucial. Admiral Hyman Rickover, the (Father of the Nuclear Navy) focused intensely on the human factor. Sailors were trained to avoid mistakes and to detect and correct anomalies before they cascaded into serious malfunctions.”
It can be a serious issue if you don’t have the proper equipment or latest security installed in your company to protect against cyber crime. But you can experience worse consequences if your employees aren’t trained on its use and tested regularly to ensure they are following established protocols.
A March 2017 New York Law Journal article, “Implement a Cybersecurity Culture Through Broken Windows Cyber-Policing,” said the CEO of Lloyds of London estimated in 2015 the global cost of cyber attacks on the corporate world would approach $400 billion. The article says a company can implement a cybersecurity-conscious culture through broken windows cyber-policing. The broken windows policing initiative was utilized by the City of New York police department in the 1990s. Based on an article written by James Q. Wilson and George Kelling in Atlantic Magazine, the theory is that targeting minor crimes will address larger crimes. It is easier to catch the minor visible acts than the major, more complex ones.
The three elements are a) employee education, b) detecting minor infractions, and c) zero tolerance for infractions. Train your employees how to protect company information. Regularly test your employees to ensure they are adhering to cyber security policies. Finally, enforce those policies.
Golden Technology Services Inc. assists its clients in improving their cyber security. They can be reached at 972-679-9738 or info@gtscloud.com.
