I could fill this post with countless studies, statistics, and articles that should make the answer to this question obvious. However, I suspect most readers already know the answer, so I will spare those details. Rather, the question I would like to focus on in this post is; Why is security awareness training absent from so many companies’ priorities?
While there are many reasons the most common include the belief that a business is too small to be attacked, they lack the understanding of where to even start and they simply are not willing to allocate funds towards it. Again, I could fill the rest of this post with information to dispel the believe that a company is too small to be a target. If you are curious, do a quick Internet search for “Is my business too small for a cyberattack?”. Happy reading!
For the remainder of this post I will focus on the other two reasons, getting started and funding.
Get started with making cybersecurity a topic of conversation at the highest level of your organization. Start with talking about the tips provided by the “National Institute of Standards and Technology”; Use strong passwords, backup your important information, use virus protection software, do not keep computers online when not in use, do not open email attachments from strangers, and use a firewall. Something is better than nothing.
While spending money to protect your business is wise, there are free resources available to you. First, phishingbox.com has a free Phishing Simulation which can be found at https://www.phishingbox.com/phishing-iq-test. This is a good way to test how well you do with identifying phishing attacks. Second, I recommend taking the Cybersecurity Challenge developed by the Michigan Small Business Development Center. If offers 8-well constructed tutorials covering various components of Cybersecurity. https://smallbusinessbigthreat.com/cyber101/
Next up: What is a Hosted PBX?
Click here for our previous post, “What the heck is the difference between a public, private and hybrid cloud?”