Successful organizations realize antivirus software must be installed on all PCs. Antivirus software works well if updates are automatic and ongoing (as new risks and threats are identified), preventing expensive damage to PCs, information and reputations.
Wouldn’t it be great if every time a new risk or threat to your organization was identified, you could update your employees and partners? Maybe each morning when they clocked into work, they would just “plug-in” to a system that would make them aware of the new social engineering threats, cyber risks, new regulations, etc.?
We have antivirus software for PCs…why not AntiMistake software for employees?
Every day the headlines reveal new incidents (data breaches, threats, risks, etc.)…and many times these incidents are due to human errors and a total lack of awareness. Incidents are occurring across all sectors – Government, Education, Financial, Healthcare, Manufacturing and Utilities and across all sizes of organizations – from very large international organizations to small businesses. And many incidents are accompanied by large fines and/or lawsuits that have a direct effect on an organization’s bottom line.
A few examples include:
CVS Pharmacy – due to employees throwing away pill bottles with personal information, CVS was ordered to implement an information security program, obtain audits every two years for the next 20 years and pay a $2.25 M settlement for HIPAA violations.
Department of Veterans Affairs – after an employee stored unencrypted information on a laptop, the laptop was stolen and put the personal information of 26.5 million veterans at risk. VA was subjected to 3 years of class action litigation and a $20 M settlement.
House’s Office of Congressional Ethics – a low-level staffer working from home on a personal laptop used a peer-to-peer file sharing program that provided unauthorized access to a confidential ethics
Is your organization implementing lessons learned? Are you “installing” AntiMistake software on your employees?
Once-a-year general training is not enough. Employees (and third parties) need to be updated on an as-needed and ongoing basis as risks, threats, and best practices change. By implementing an ongoing awareness and accountability program, your organization can avoid becoming the next lesson learned.
I also recommend sharing lessons learned internally with your employees, such as a recent data breach or social engineering incident, so all appropriate personnel understand why they are being required to participate in an ongoing security awareness program. If employees understand that they are responsible for their actions, and that responding to a phishing e-mail or sending an unencrypted message may potentially cost your organization millions of dollars and loss of reputation because of a data breach, they may be more likely to actually read your acceptable usage policies regarding strong passwords, e-mail safety and social networking best practices.
To view Awareity’s AntiMistake Software slideshow, click here.