Cybersecurity in the Workplace Needs to Be Everyone’s Concern

By Susan Hoffman
Contributor, InCyberDefense

Note: This article is part of a university series for National Cyber Security Awareness Month in October. This week’s theme is Cybersecurity in the Workplace is Everyone’s Business.

Businesses and government agencies are a treasure trove of information for hackers. These organizations store a variety of rich information that hackers find useful, including:

• Names
• Birth dates
• Social Security numbers
• Health insurance member identification numbers
• Credit and debit card numbers
• Phone numbers
• Email addresses
• Intellectual property

With all of this information at their fingertips, hackers can use it to get free medical care or to buy goods or services. In addition, they can steal your identity and get you in financial or legal trouble. Even worse, a hacker can steal your organization’s proprietary information to make a profit from insider information or disrupt a company’s ability to function.

To prevent future breaches that harm organizations, their employees and their customers, it is vital for everyone within that organization to get involved in protecting the cybersecurity of the company. You wouldn’t leave your home or office building without locking the doors, right? So you should be equally attentive to “locking up” your company’s data through cybersecurity improvements.

In the first half of 2017, over 1.9 billion data records were compromised. (Source: Gemalto)

How Do Hackers Get Access to Company Data?

Hackers enter a computer or computer system in many ways. In the Home Depot hack, for instance, the hackers came in through a third-party vendor. The Target hack involved malware that someone installed on a Target server, which had been taken over by hackers.

In some cases, a hack comes from inside the company. An angry employee who has been terminated, for example, may throw a company’s computer system into chaos prior to leaving.

But passwords are still one of the biggest security vulnerabilities. According to Verizon’s 2017 Data Breach Investigations Report, “81% of hacking-related breaches leveraged either stolen and/or weak passwords.”

Cybersecurity Protection Can Occur at Different Levels of a Company

Because cyber threats constantly evolve, it is challenging for an IT department to keep up with all the new threats while protecting the organization. But there are ways that other employees and C-level executives can help.

For instance, executives and managers can allocate time for their employees to get cybersecurity training and recognize hacking attempts such as emails (which can be highly convincing at times) that contain links to malware.

Organizations can teach their employees to create secure passwords (a combination of uppercase/lowercase letters, symbols and numbers) that impede a hacker’s ability to guess them. Employees also should check with an IT staff member after receiving a suspicious email or seeing a suspicious website.

Smaller companies are often more popular hacking targets than larger companies, because they have less security and less money for cyber protection. Here, cybersecurity education and training are particularly important. Ideally, all employees and company leaders at smaller companies should have at least some knowledge of cybersecurity to protect the organization from both data breaches and lawsuits from their customers.

Cyber attacks cost companies more than $15 million per year. Although those companies may not want to spend the time or the money to protect themselves, increasing cybersecurity can be a powerful deterrent to many hackers.