A single unauthorized download recently crippled the Louisiana state Office of Motor Vehicles (OMV) by infecting the government network with ransomware. This caused many of the office’s email and internet services to be disrupted, as the cybersecurity response team had to disconnect large portions of the network.
Impacts from cyberattacks often go beyond financial losses, affecting your clients’ operations
Not only did the attack disrupt the government’s network, but it impacted businesses such as trucking companies that couldn’t apply online for things like “overweight permits”. When you think of the far-reaching effects of an attack like this, the impacts can cause more than just productivity losses. There is the real potential for a loss of public trust in the organization that suffered the attack.
Telling employees to “be more careful” is not helpful when they have productivity goals
Employees often have the best of intentions when they want to download software from the internet. Giving them the benefit of the doutbt, they might think it will make them more productive. But if they don’t understand the risks of installing unauthorized software, the business is at risk of being put completely out of commission for days or weeks. Ransomware can not only lock up a computer by encrypting all of the data on it, but it can spread rapidly to all computers, servers and file storage systems connected to the same network.
If employees haven’t been properly engaged, is it really their fault?
Of course, it’s easy to point the finger at employees who didn’t follow a published security policy, as the Louisiana Cybersecurity Commissioner did by saying, “Somebody didn’t play by that book, and if it was up to me, I’d fire that person.”
The problem with taking this position is that employees are often trying to work with conflicting priorities, to be productive and at the same time, work safely with sensitive information and systems. If the organization doesn’t have an effective cybersecurity awareness program in place, then employees are often ill-equipped to remember the rules, or even to consult the procedures, in risky situations.
That’s not really their fault. It’s the fault of management who has not adequately prepared the employees to handle the risks they face on a daily basis, and make good decisions in the face of conflicting priorities.
Click Armor Gamified Security Awareness Training engages employees and improves knowledge retention
Want to assess your skill at avoiding phishing attacks?
A reference article with more info on this incident can be found here.
Cyber Security
Phishing Defense
Phishing threatens businesses and opens the door to ransomware. Fight phishing and spear phishing attacks with gamified learning.
Social Engineering Defense
Social engineering scams are a serious hazard to businesses. Fight back with Click Armor.
Cyber Security Awareness for Remote Workers
Home-based workers are vulnerable to cyber attacks. Build team immunity today.
Privacy and Compliance
PCI Compliance Awareness
When team members work in an environment where they may encounter cardholder data, they need to know what to do to protect it.
Gamified HIPAA Compliance Awareness
If your business is a supplier to a healthcare provider in the USA or Canada, your team needs to know what to do to protect Protected Health information (PHI).
Gamified Learning Platform
Active Awareness Platform
Experience the power of tailored gamified learning with Click Armor. Take your security awareness training to the next level.
