Canadian Underwriter

Cyber security awareness training critical for businesses, data breaches changing online behaviours

May 27, 2016   by Canadian Underwriter

Print this page Share

Employees need to become advocates of cyber security to reduce associated risks and help better protect the businesses for which they work, suggests Joe Ferrara, president and CEO of Pittsburgh-based Wombat Security Technologies.

“Security awareness training has become a business-critical activity, and it’s more important than ever to have employees become advocates of cyber security. It can’t just be an IT issue,” Ferrara says in a statement Thursday.

“As more and more organizations work to educate their employees about the dangers of poor cyber hygiene, we will begin to see more and more consumers who are better-equipped to identify cyber threats,” he predicts.

“Highlighting the importance of privacy and data protections in the office has a significant positive impact to employees’ personal lives, but it also has a halo effect for the office as well,” Ferrara adds.

Wombat cites results from a recent poll – the National Telecommunications and Information Administration (NTIA), part of the U.S. Department of Commerce, asked the U.S. Census Bureau to conduct a survey about online privacy and security concerns – released last July.

Several cyber security questions were posed to more than 41,000 households in the United States, each of which included at least one Internet user. Analysis of the survey data shows “concerns are up and certain Internet activities, including those that drive business, are down as a result,” notes the statement from Wombat, which provides information security awareness and training software.

The survey found higher degrees of connectivity seem to correlate to greater online risk. In all, just 9% of respondent households that used one web-enabled device (a desktop, laptop, tablet, Internet-connected mobile phone, wearable device or TV-connected device) reported breaches compared to 31% of households connected via five or more devices.

More than a fifth, 22%, of users who connected via a mobile data plan reported an online breach compared to 11% of home-based Internet users, the survey found. “Perhaps not surprisingly, these figures suggest the prevalence of data breaches is higher among segments of our population that are constantly connected,” notes a recently posted NTIA analysis of survey results.

Other results from the survey include the following:

  • 19% of the Internet-active households reported having been affected by a breach in the 12 months preceding the poll;
  • 84% of households named at least one online privacy and security concern compared to 40% of households that named two or more;
  • the most frequently cited concern, noted by 63% of online households, was identity theft; and
  • 70% of households that had had a breach named identity theft as one of the issues that concerned them the most compared to 62% of those who had not experienced a breach.

“According to the survey, the perceived privacy and security risks have led Internet-connected household to cut back on several online activities,” notes the Wombat statement. These activities include conducting financial transactions, buying goods or services, posting on social networks, or expressing opinions on controversial or political issues via the Internet.

“Privacy and security concerns deterred each of these important activities in millions of households, and this chill on discourse and economic activity was even more common among online households that either had experienced an online security breach or expressed two or more major concerns about privacy and security risks,” the NTIA analysis points out.

“Though the, ‘it’s not if, but when’ mindset is reasonable from a security preparation and response perspective, it’s risky to assume that customers share that mentality,” Wombat suggests.

“One of the great benefits of cyber security education is that the knowledge is portable. At the end of the day, employees are also consumers,” Ferrara says.

That means the more work organizations do to educate employees, the more equipped they likely will be to handle cyber threats on and off the job.

“Cyber security is everyone’s business, and that should be stressed at all organizational levels,” Ferrara recommends. “There is a direct correlation between organizations who encourage and promote cyber security education and best-in-class performance,” he contends.