“Sometimes you feel like a nut, sometimes you don’t.”

That commercial tagline was from the 70’s and 80’s when the Hershey Company advertised two very similar coconut and chocolate candy bars—Mounds and Almond Joy. This tagline reminds us of a quote from John Chambers, former CEO of Cisco, who said, “There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.” How is that for a wakeup call?

For those of you who think “that cannot happen to us because we are not that big,” you should know that the rate of cyber-attacks is increasing. According to 2015 testimony given before the U.S. House Committee on Small Business, 71% of cyber-attacks target organizations with fewer than 100 employees. Alarmingly, the average total cost of a cybersecurity breach for a small business is $36,000. Worse than that, the Third U.S. Court of Appeals in 2015 ruled that the FTC has the power to punish organizations that fail to invest in and deliver robust cybersecurity measures. All of this information is not meant to scare, but it is true and far worse than getting back to your house on Halloween and finding out your trick or treat bag is filled with nothing but pencils, toothbrushes and raisins…and they are not even the chocolate covered ones!

Imagine what it would be like on Halloween if you and your friends could tell the houses with the good candy from the ones who gave out the bad stuff?  Wouldn’t that be great?  Your bag would be filled with Kit Kats, Reese’s Peanut Butter Cups, M&Ms, Starbursts and all the candies you love instead of those losers like Dum-Dums, NECCO wafers and Mary Janes.

The first line of opportunity for a cyber attacker and, thus, your first line of defense is…your staff. Studies show that employees engage in risky security behaviors, sometimes even when they are aware of dangers, just like the person on the diet who reaches for that third handful of M&Ms. Well, as it relates to cybersecurity in your workplace, there is a way for you and your employees to have the kind of information you need and to know what to do to reduce the risks of a data breach or security hack.

Most employees know that the email from the Nigerian Prince offering to place millions (in 100 Grand bars) into their bank account is a spam sham. But cyber-attackers with almost no investment can create emails that appear to be 100% genuine from a favorite bank, airline, shipping company, retailer and more, complete with company logos, privacy policies and addresses. These are not easy to spot. The key to spotting these is training!

Employee education and training must be effective—as effective as a box of Skittles can get a 9-year-old to be spinning out of control at bedtime! Effective training, however, unlike the Skittles, is not a one-time event. Training to create awareness, preparedness and vigilance toward cybersecurity must be repeated periodically so that the information is internalized and put into practice by the staff.

The professional team at IT Radix has a certified training and education resource that includes real-life testing and simulations that can greatly enhance the ability of your staff to deal effectively with cybersecurity threats.  Additionally, it can provide you the assurance you need to provide to vendors and clients that you have put appropriate measures in place.  We would be happy to share more about this with you anytime.  Employees who participate will feel like they found the “golden tickets” in Willy Wonka’s famous Wonka Bars!

First published in our October 2016 IT Radix Resource newsletter
