Does Your Firm Need Mandatory I.T. Security Training?
The White House announced this week that it had been hacked, presumably by Russian cyberspies. The operation must have been pretty sophisticated, right? Someone at the State Department -- other than Hillary -- fell for a classic phishing scheme, allegedly opening an unverified document from a scam email. That's a pretty basic mistake. Has the Secretary of Defense started sending federal funds to that Nigerian prince yet?
Let's not lament how easily our government computers were breached though -- the intruders may have had access to sensitive documents since last October. Rather, let's take this moment to remind ourselves of the importance of proper training.
So does your firm need mandatory I.T. security training? Of course it does. Here's why:
An Ounce of Prevention ...
The cost of a security breach can be massive, but even simple steps can help thwart attacks. Security breaches have proven costly and embarrassing not just to the U.S. government, but major corporations such as Target and Sony. And it's not just the big guys who get targeted -- even small firms are facing attacks by hackers.
A breach can cost you a pretty penny, too. Loss of sensitive information can lead to identity theft, business interruption, distribution of confidential information, and reputational damages, just to name a few of the risks. Novel products such as cyber insurance protection can help you deal with the fallout, but training can help you prevent the disaster in the first place.
You Don't Need to be an Expert
The White House hack reminds us that even simple precautions -- like not opening unrecognized attachments -- can make a world of difference. Even if your I.T. team is the best in the biz, updating Norton Antivirus daily, they can be undermined by simple errors made by others. If your firm or office doesn't have a dedicated I.T. team, then general training becomes even more important.
Trainings can go in deep, focusing on decoding suspicious metadata or conducting digital forensics, or they can focus on simple preventative measures. Something as simple as not giving out your bank account information over the phone can help you avoid breaches.
Or think of it this way: you'll probably never regret requiring that extra security training. You could definitely regret it if you don't.
Related Resources:
- The White House Was Hacked -- Could It Happen Again? (Forbes)
- Does Your Firm Need Cyber Insurance? (FindLaw's Strategist)
- Beware of the Dyre Wolf: Sophisticated New Scam Targets US Corps (FindLaw's In House)
- FBI: Actually, Don't Encrypt Your Phone After All (Findlaw's Technologist)