2018 was filled with privacy and security fiascos. The latest news item you may have heard about was the KARS4KIDS breach. One would think a large nonprofit would have the right security measures in place, but sometimes security is overlooked due to cost and the mindset of "if it's not broken, don't fix it". Their breach involved a hacker infiltrating their server, where more than 20,000 records where left accessible to the World Wide Web. The data included donor email addresses and donation receipts, which included customized links to a donor’s tax receipt. The nonprofit's surely tarnished their reputation with this security oversight.
The Boston Globe released an article today that Save The Children Federation was fooled into sending $1 million dollars to a hacker overseas in Japan after an employee's account was hacked. The hacker posed as an employee, and created false documents to trick the organization into sending the money. If the other workers had been trained, they could have recognized the warning signs and avoided the costly mistake.
No matter which security measures you have in place, you need to have your employees informed and trained on best practices for email security. The current IT security tools available for monitoring cannot prevent an attack if your employee was the one who clicked on a phishing link or forgot to change their password.
To start 2019 with a simple, effective, IT security strategy is an excellent New Years resolution and gives your Executive Director, Board Members, and donors peace of mind. Better yet, your professional peers will say it's the most fun way to spend a security budget.
This list is the backing you need to get budget and roll out new-school security awareness training before IT security becomes an issue.
Here are the Top 5 reasons...
- Social Engineering is the No. 1 go-to strategy for cybercriminals. Unfortunately, their time is money too. Why spend 2 months of research uncovering a potential software vulnerability when you (literally) can create an effective spear-phishing attack in 2 hours? They are going after the human—the weakest link in IT security—and your last line of defense.
- Ransomware is only going to get worse in 2019. Email is still hackers favorite attack vector, and their sophistication is increasing by the month. The business-threatening downtime caused by ransomware can be massive and costly.
- Compliance requirements for awareness training are being sharpened up. The thinking that you can get away with a yearly one-time, old-school awareness training session for your staff is in the past. On May 25, 2018, enforcement actions for General Data Production Regulation(GDPR) begun.
- Legally you are required to act "reasonably" and take "necessary" measures to cope with a threat. If you don't, you violate either compliance laws, regulations, or recent case law. Your organization must take into account today's social engineering risks and "scale security measures to reflect the threat". Today, data breaches cause practically instant class action lawsuits. There is even possibility for your own employees to file a class action against your own company because your W-2 forms were exfiltrated with CEO fraud.
- Board members' No. 1 focus today is cyber security. Some very pointed questions will be asked If they read in the local news that your donor database was hacked and the breach data is being sold on the dark web. Once it becomes clear that your organization did not deploy a simple, effective strategy that could have prevented this, C-level execs will be under fire. Target's CEO and CISO are just an example. Help your Executive Director keep their job.
Tech Networks has strategically partnered with KnowBe4 to provide security awareness training and phishing testing because:
- KnowBe4 was recognized by Gartner as a Leader in the Magic Quadrant
- Goldman Sachs recently invested a $30M Series B in KnowBe4 because they believe in their mission
- The KnowBe4 platform was built from the ground up for IT pros that have 16 other fires to put out
- The KnowBe4 ModStore has the world's largest choice in fresh awareness training content
- Pricing is surprisingly affordable!
- BONUS: It's actually a lot of fun to phish your users and get the conversation started.
Feel free to reach out to learn more on how we can help you stay ahead of the cybercriminals in 2019. We can give you a quote for new-school security awareness training and show you how affordable this is.
If regular cybersecurity training isn't in your budget, the second-best step you can take is an IT security assessment. Tech Networks of Boston can scan your network to find any vulnerabilities and provide a report with recommendations. Performing an assessment now can save you time, money, and headaches in the long run, and keep your data secure.