How to Fight Fraud with Security Intelligence

This blog kicks off the first of our 12-part Cybersecurity User Awareness campaign, all of which can be viewed here:

1. How to Fight Fraud with Security Intelligence
2. The 6 Biggest Email Security Risks for Enterprises
3. Security is Not Privacy: Ways to Keep Personal Data Secure
4. Building a Mobile Threat Defense for Your Enterprise Devices
5. How to Cut Security Risks for Remote Workers
6. 10 Surprising Security Risks in Your Office
7. Do You Know All Types of Internet Security Threats?
8. Steps of a Successful Cybersecurity User Awareness Program
9. How to Reduce Security Risks in the Future

According to a study conducted by the University of Maryland, hackers attack on an average of 2,244 times per day. And as reported by Varonis, 56 percent of Americans say they don’t know what to do in the event of a data breach. In short: the threats are high and the current state of cyber awareness is nowhere near where it should be. 

Nowadays, it seems as though there is risk in everything you do, whether you’re in the office or working from home. Unfortunately, that’s because there is. Hackers have found ways to threaten businesses over email, voicemail, private servers, messaging services and more. While it may seem impossible to keep up, you and your team must work to raise your awareness. This is not something the IT department can take on alone - it has to be a joint effort or one mistake could set the entire company back.

If a company experiences a breach, it can become a hugely expensive nightmare. That’s why it’s so important to raise awareness within your organization so that a threat doesn’t send everyone into a panic - instead, it should evoke a procedural response. There are certain steps that must be taken at the first sign of a threat. These steps should be reflected in a business continuity procedure document because there is no time to send in tickets or frantic emails to IT. By investing in the cybersecurity intelligence of your company, you’re saving time and money in the long run. 

So, where do you begin? First, talk to your team. You could keep things as conversational as having a town hall discussion, or as simple as sending out a survey to gauge their level of security intelligence. Both of these methods will help you understand how much your employees already know and how much they are going to need to learn. Once you have a better understanding of where everyone stands, you’ll be able to begin training sessions.

Cybersecurity awareness training needs to be interesting to your employees so they’ll remain engaged, but it should also be short enough that they do not get bored. Help your team understand what’s at stake - in terms of costs and data loss - and then begin to work in how they can individually help create a human firewall that truly works. 

As you work through these training sessions, there are certain areas you must be sure to emphasize to your employees. Let’s take a closer look at these:

• The Bare Essentials - Every member of your organization should have an understanding of what the risks are and where these risks lie. If they don’t, that’s exactly where you should start. This will serve as the foundation for their security intelligence.
• Email - On a typical day, the average worker sends and receives a large volume of emails which creates greater opportunity for risk. Talk with your team about targeted attacks such as phishing and malicious attachments. And, be sure to let them know there is a time and a place for everything (aka certain confidential documents should not be sent via email).
• Internet Basics - The devil is in the details when it comes to staying safe on the internet. Your employees must be aware of HTTP versus HTTPS, characteristics of phishing attempts, and knowledge of other common threats so they can safely browse.
• Tips for the Office - When you’re in the office, it’s crucial to know how to handle both digital and printed documents. Teach your teammates about how to properly dispose of confidential materials and remind them to never leave them lying around their desks.
• Working from Home - When employees use their own devices on their own WiFi, several new threats can emerge. Make sure you cover how to safely switch between working from home and coming into the office so no threats are brought onto the company network. 
• Social Awareness - Essentially, everyone should know how social engineering works and the role it plays in cybersecurity. This area is often overlooked but should be included in training sessions to understand what the risks are.

Unfortunately, cyberattacks are not going anywhere anytime soon and are likely to become even more complex. That’s why it is so important to empower your teams with the knowledge they need to go about their daily life. Should an attack occur, both you and your employees are going to want the peace of mind knowing that everyone knows what steps to take next. By jumping into action, that individual could literally save the organization millions. So, sit and talk with your employees. Get the conversation going to understand where their level of knowledge is and where you can begin to build upon it. Once you do, you can set everyone on the path to fighting fraud with their own, strong security intelligence.