How to fight fraud with security intelligence

This blog has been updated January 2023 and continues our cyber security user awareness campaign, all of which can be viewed here:

1. How to fight fraud with security intelligence
2. The 6 biggest email security risks for enterprises
3. Security is not privacy: ways to keep personal data secure
4. Building a mobile threat defense for your enterprise devices
5. How to cut security risks for remote workers
6. 10 surprising security risks in your office
7. Do you know all types of internet security threats?
8. Steps of a successful cyber security user awareness program
9. How to reduce security risks in the future

Now more than ever, it is important for organizations around the world to elevate their cyber security awareness. With the large amount of workforces that have gone completely remote, and the level of sophistication cyber-attacks have reached, everyone must take a step back to understand the situation at hand.

Cyber attacks are often due to human error. This means every employee at your organization must know the signs and steps to detect and stave off threats which is why it is so important to invest in your team’s cyber awareness, or you may end up paying for it later. After all, the average cost of a successful phishing attack on a small or medium-sized business is $1.6 million USD. Let’s break down how to fight fraud with security intelligence training sessions so your organization can recognize the signs and stay safe.

The current state of cyber security

According to a study conducted by the University of Maryland, hackers attack on an average of 2,244 times per day. And as reported by Varonis, 56 percent of Americans say they don’t know what to do in the event of a data breach. In short: the threats are high and the current state of cyber awareness is nowhere near where it should be. 

Nowadays, it seems as though there is risk in everything you do, whether you’re in the office or working from home. Unfortunately, that’s because there is. Hackers have found ways to threaten businesses over email, voicemail, private servers, messaging services and more. While it may seem impossible to keep up, you and your team must work to raise your awareness. This is not something the IT department can take on alone - it has to be a joint effort or one mistake could set the entire company back.

How to raise cyber security awareness

If a company experiences a breach, it can become a hugely expensive nightmare. That’s why it’s so important to raise awareness within your organization so that a threat doesn’t send everyone into a panic - instead, it should evoke a procedural response. There are certain steps that must be taken at the first sign of a threat. These steps should be reflected in a business continuity procedure document because there is no time to send in tickets or frantic emails to IT. By investing in the cyber security intelligence of your company, you’re saving time and money in the long run.

So, where do you begin? First, talk to your team. You could keep things as conversational as having a town hall discussion, or as simple as sending out a survey to gauge their level of security intelligence. Both of these methods will help you understand how much your employees already know and how much they are going to need to learn. Once you have a better understanding of where everyone stands, you’ll be able to begin training sessions.

The types of intelligence needed

Cyber security awareness training needs to be interesting to your employees so they’ll remain engaged, but it should also be short enough that they do not get bored. Help your team understand what’s at stake - in terms of costs and data loss - and then begin to work in how they can individually help create a human firewall that truly works. 

As you work through these training sessions, there are certain areas you must be sure to emphasize to your employees. Let’s take a closer look at these:

• The Bare Essentials - Every member of your organization should have an understanding of what the risks are and where these risks lie. If they don’t, that’s exactly where you should start. This will serve as the foundation for their security intelligence.
• Email - On a typical day, the average worker sends and receives a large volume of emails which creates greater opportunity for risk. Talk with your team about targeted attacks such as phishing and malicious attachments. And, be sure to let them know there is a time and a place for everything (aka certain confidential documents should not be sent via email).
• Internet Basics - The devil is in the details when it comes to staying safe on the internet. Your employees must be aware of HTTP versus HTTPS, characteristics of phishing attempts, and knowledge of other common threats so they can safely browse.
• Tips for the Office - When you’re in the office, it’s crucial to know how to handle both digital and printed documents. Teach your teammates about how to properly dispose of confidential materials and remind them to never leave them lying around their desks.
• Working from Home - When employees use their own devices on their own WiFi, several new threats can emerge. Make sure you cover how to safely switch between working from home and coming into the office so no threats are brought onto the company network. 
• Social Awareness - Essentially, everyone should know how social engineering works and the role it plays in cybersecurity. This area is often overlooked but should be included in training sessions to understand what the risks are.