Beware of clickbait: How to build security awareness in your organization

Today only - Free Starbucks Gift Certificate – Click here"

Wait! Don’t be one of the 18% who need a coffee fix so badly you’ll click the link and find you’ve been breached!

Cybersecurity risks are still the #5 priority for CEOs. (KPMG) The average cost for a breach of 1 million records ranges from $1.2 million to nearly $28 million.

And just in case you’ve been living under a rock, the top 6 primary breach methods are:

• Phishing for credentials
• Ransomware
• Malvertising
• Fraud targeting CEO
• Vishing – phone phishing
• Web application attacks

So, how do you create a security-first mindset in your company? Who drives the initiative and who is responsible for its success?

If you answered “Me!”, congratulations on your role as a Mini-Me Chief Information Security Officer!

More than 80% of all data breaches were accomplished by accessing a company’s network with valid credentials. One proven method of protecting your credentials is to alter the behavior of your employees, contractors, and third-party vendors who access your network.

Understanding how to patch human behavior bugs will go a long way toward preventing infiltration by bad actors. Habits drive a security culture, and common sense cannot be relied on to cascade knowledge that instills behavior.

Effective security awareness programs use a variety of methods for diverse audiences.

Experiential, participative efforts are proving to be most effective. Telling people what not to do does little to sustain long-term behavior modification. Instead, simulations and gamification inviting people to think like hackers creates a mindset shift on how to interact with information security.

The primary “behavior bugs” at risk might look like this:

• Trust – Authentic looking email from a trusted source…
• Reward – I’m interested in buying your product, can you tell me about your organization?
• Conformity – Joe always gives me updates but he is out, can you tell me the Q2 numbers?
• Fear – If you don’t give me the info I’ll report you to your manager!
• Morality – Can you hold the door for me please, my hands are full?
• Curiosity – OMG, check out this adorable puppy video! Or, “FREE STARBUCKS!”

There is no “one size fits all” approach. By creating powerful security awareness experiences, you can unlock the hidden CISO mindset in your people and reduce the temptation for free Starbucks!