October Safety Training: Cybersecurity

Cybersecurity is vital for individuals and organizations alike. Government entities, schools, hospitals and businesses can experience severe human and financial losses from a successful cyberattack. Cybersecurity training should increase awareness of common attack strategies and stress the personal responsibility every person has to recognize and respond to threats.

Cyberattacks are common and often successful

According to the Cybersecurity & Infrastructure Security Agency, cybercriminals have exposed the personal information of nearly half (47%) of American adults. Of homes that have computers, approximately one-third are infected with malware. Globally, the average consumer loses 21 hours and $385 annually due to online crime.

Unfortunately, cybersecurity statistics for businesses are worse. Forbes states that cybercriminals can breach 93% of company networks. Businesses experienced 50% more attempted cyberattacks in 2021 compared to 2020. In 2021, hackers increased their focus on organizations in the education, healthcare, communications and government sectors.

Global data from 2021 shows that 37% of all organizations and businesses experienced a ransomware attack. The total cost of these attacks was $20 billion. In the same year, the average cost of recovery from a ransomware attack was $1.85 million.

Financial loss isn’t the only risk in a cyberattack. In one survey, 70% of healthcare organizations indicated that ransomware attacks delayed critical tests and procedures, causing an increase in patient mortality. Experts say about 50% of hospital computers and other devices connected to the internet are vulnerable to hacking.

Top cybersecurity topics

Since 2004, October has been recognized as Cybersecurity Awareness Month, so it’s the perfect time to focus safety training on mitigating cyberattacks.

• Passwords: Strong passwords are unique, long and complex. Provide users with clear password guidelines (e.g., at least 12 characters long and including letters, numbers and special characters). Remind users to avoid reusing passwords for multiple accounts.
• Multi-factor authentication: MFA adds an extra layer of protection because it prevents hackers from accessing accounts even if they have the correct password. The National Cybersecurity Alliance recommends MFA for all accounts, especially those related to work, school, social media and finances.
• Software updates: Keeping software updated is a crucial part of cybersecurity. Make sure the IT department has a reliable way to inform users when it’s time to update their software.
• Phishing: Phishing is a very common cyberattack tactic, and it can be extremely successful, especially when users don’t know how to verify the authenticity of an email. Train users to recognize common signs of phishing: unexpected links or attachments, poor spelling and grammar, threatening language, generic formats or “too good to be true” offers. Many IT professionals recommend running phishing drills to see how many users can recognize a scam and correctly respond to it.
• Reporting procedures: Tell users exactly what to do to report a phishing email or an unexplained issue with their computer.
• Outage response: Create detailed emergency response plans for ransomware, malware, phishing and other cyberattacks. Make sure administrators can alert affected users no matter where there are, especially if there are remote workers. Develop a clear plan to recover control and restart standard operation procedures.

The nature of cybercrime changes often, so it’s vital to review training materials and emergency plans frequently to make sure they match current threats.

Protect your organization from cyberattacks

Cyberattacks are a significant threat to organizations of all types, from educational institutions to corporations. Protecting workers and assets requires vigilance and a cybersecurity plan that continually evolves to meet new threats. Annual cybersecurity training should focus on current threats and provide actionable steps users can take to protect themselves.

An effective cybersecurity plan relies on continual communication during normal operations and emergencies. Administrators and IT professionals must be able to reach users at all times, especially during unplanned outages and active attacks.

Rave Mobile Safety’s communication solutions support crucial connections via emergency alerts, status checks and targeted notifications. Additionally, our incident collaboration systems facilitate vital connections between IT personnel, users, key stakeholders and external parties, such as law enforcement or government officials. Find out how a prebuilt or customized communication solution from Rave Mobile Safety can improve your organization’s cybersecurity; contact our team today.