We spend a lot of money to secure our information. In fact, cybersecurity is one of the globe’s fastest-growing industries. According to Gartner, IT security spending will top $81.6 billion for 2016, an increase of 7.9 percent over 2015, and that market is expected to more than double in just three years.
It’s interesting then to note that the same businesses that are willing to pay big bucks to secure information are less likely to invest time and money to educate their employees on cybersecurity practices. In a recent survey conducted by Enterprise Management Associates, just 56 percent of employees reported receiving cybersecurity awareness and policy training.
"Organizations are increasingly focusing on detection and response, because taking a preventive approach has not been successful in blocking malicious attacks," said Elizabeth Kim, a senior research analyst at Gartner. "We strongly advise businesses to balance their spending to include both."
Employee training can help reduce the number of incidents and lower the chances of suffering from a data breach. It’s often easy information for employers to share and employees to learn.
Password management – Proper password management is key to any cybersecurity program. The technical barriers to entry are only as good as the passwords that unlock them. Employees should be required to use passwords that are a certain length, contain upper and lowercase letters and special characters. Consider two-factor authentication for sensitive information. This type of login requires knowledge of not just a password but also use of a phone or key fob.
Various research reports reveal more than two-thirds of data breaches can be attributed to human error. Companies would be wise to make 2017 a year they begin raising cybersecurity awareness for all employees, not just for the IT professionals among them.