Unintended Disclosure: Are You Educating Your Weakest Link?

Oct 9, 2018

Back to Veoci BlogUnintended Disclosure: Are You Educating Your Weakest Link?

Organizations spend hundreds of thousands of dollars hardening their systems with all the latest cybersecurity technologies.  But many often fail to address the human element, especially when it comes to phishing and unintended disclosure.  In this day and age, everyone in an organization needs some fundamental knowledge of information security threats.  It should be common knowledge, like HR policies.  By not educating its people, an organization can end up with vulnerabilities much bigger than hackable code.

System glitches account for a large portion of data breaches, but in fact the majority of data breaches are due to human error and unintended disclosure via phishing. It’s most often the people who aren’t part of the security team, the employees who are just going about their normal routines, who are the biggest security risk.

Take a sales team, for example.  Sales people spend their lives sharing information with their internal and external “partners”.  They are very used to being an informational conduit between the organization and the external world. This personality and work strength may become a threat if someone calls in phishing for information and the “ever happy people connector” isn’t aware that information they inadvertently disclose WILL be used against them.

Of course encryption, forcing strong passwords, firewalls, antivirus, intrusion detection, updating, patching, and scanning your systems is extremely important, but the reality is that preventing unintended disclosure through education is the least technical and most inexpensive tool you can apply.

When I worked as a security professional at a Fortune 500 company a few years ago, our training was essentially me going around and putting notes such as “you got hacked” on someone's computer if they hadn’t locked it when walking away from their desk. Of course, this is nonsense but it did establish imagery in people’s minds about opening access to their data.  We evolved our training to awareness sessions, newsletters, and phishing simulations, which we then shared in awareness sessions to improve people’s understanding of the current security threats. You have to adapt your training to the size and maturity of your organization but whichever it is, you must start somewhere.

There is a common phrase in the cybersecurity community: “It’s not a question of IF you’ll get hacked, but WHEN.” I would add that with the proper tools AND proper education, you have a much higher chance of beating the odds.

Subscribe to the Veoci Blog

Receive all the latest emergency, crisis, and continuity management news, tips, and advice

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Related Posts

Getting the Most Out of Real-World Exercises

Exercising a BCP is rarely as simple as the online guides suggest. A business continuity manager has to jump through a lot of hoops to get that final, show-ready polish on a BCP. They’re often chasing buy-in from each corner of the organization and bugging business unit leads and department managers to test BCPs and record the outcomes. What can a business continuity manager do to encourage the heads in their organizations to actively participate and do their part in preparing for disruptions?

Continue reading
How IT Outages Affect Businesses: Recognizing and Preventing Outages

How much damage can a business system outage cause? As is pretty clear these days, they happen often, and can have serious impact. Take, for example, Visa’s payment network outage. On June 1st, 2018, Visa’s payment system in Europe went down for nearly ten hours, halting many personal and bank transactions. The massive, complex nature of the system made it difficult to pinpoint the root cause of the outage, adding hours of downtime and many degrees of frustration for the company’s customers. After performing their root cause analysis, the company identified a “very rare partial failure” of a switch in one of their data centers as the cause of the outage.

Continue reading
Top 5 Takeaways from DRI 2019

If there was one very clear theme to this year’s DRI conference in Las Vegas, it was the importance of having a diverse community in the world of business continuity management (BCM). From the sessions to the talking points in the exhibit hall, it’s clear that the future of BCM depends on having a strong and diverse community of practitioners and leaders. Here’s our top 5 takeaways from DRI 2019.

Continue reading

Connect with us on Social Media

Join us on our journey to improve emergency, operations, and continuity management!

Veoci Facebook PageVeoci Twitter AccountVeoci Linkedin Company Page

Face crisis and continuity challenges with expert solutions designed for you and your teams.

Learn how Veoci puts you in control