Alarmingly Low Rate of Employees Receive Security Awareness Training

With the state of the economy, it is not too shocking that only 43% of employees receive security awareness training. Many companies have been faced with reducing their workforce and running “leaner and meaner,” thus devoting all hours of the workday to improving the company’s bottom line. It is hard to believe that such an important element has gone the way of the Dodo bird. One would think that more time would be dedicated to security training given the recent and highly publicized security breaches at other companies.

However, the results of a recent survey by Enterprise Management Associates (EMA) show that 56% of corporate employees have not received any security awareness or policy training.

A recent article from SC Magazine explains EMA’s findings, “Security Awareness Training: It’s Not Just for Compliance, 45 percent of employees received their training in a single annual session. But a one-off training session that covers a broad swath of security issues likely isn’t effective.”

According to the report, the average cost of providing security training is only $50. This seems like a small price, but multiply that by a few hundred users and you start to see why this simple exercise in protecting their company may be overlooked. Yet, providing the staff with proper training could result in saving the organization from the far greater expense of a data breach.

“35 percent said they clicked on an email from an unknown source and 33 percent have the same password for both work and personal devices.” White goes on, while “30 percent still leave mobile devices unattended in their car. They need to know why security is important.”

While under-education of the population at large can seem startling, a best practice for increasing security within any environment is to have a strong password policy that includes specific password expiration increments. In order to deploy such a password policy, the company must first roll out a self-service password reset program. Many companies turn to the authentication experts at PortalGuard for their self-service password reset needs and other authentication solutions.

How to Mend a Broken Heart: The Heartbleed Bug and what you need to know to protect yourself

The news broke this week that the Heartbleed Bug had affected an undetermined number of websites and their users worldwide. At this time it would seem that a large number of people are affected; however, the magnitude of this Bug may not be made clear for some time. Last year, the Adobe breach numbers grew drastically as time moved forward.

So what is the Heartbleed Bug?

The researchers who uncovered the problem describe the Bug as a serious flaw within OpenSSL.

“The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).”

Currently affected sites:

Some of the popular websites that have been listed as vulnerable include the following:

- Yahoo.com
- Imgur.com
- Flickr.com
- Okcupid.com

How you can protect yourself.

There are a couple of different steps you can take to proactively protect yourself. The first step would be to change your passwords on all of the affected sites that are listed above. It would also be good practice to change all of your passwords in general, just to play it safe. The other, more drastic option would be to avoid using the identified sites entirely. However, this may not be a possible option if you are an active member of the sites affected.

Although many websites do not require password resets to occur on a regular basis, the authentication experts at PortalGuard highly recommend changing your password every 90 days. If you take this simple action, it can possibly save you from a lot of frustration and heartache.

Are You Only a Hacktivist Away from Chaos?

Data security is a hot topic right now with Target, Michaels, and other large companies reporting data breaches. After all the time, money, and publicity from the breaches, I am sure they wish they could turn back time and deploy stronger authentication to guard against the black-market hacktivists who caused the chaos.

In Cameron Shilling’s article “Is Your Business a Data Breach Away from Disaster?,” Shilling states, “data security breaches are not just perpetrated by Internet hackers looking for credit card numbers. For example, health care providers are targeted for medical and insurance information, and educational institutions are targeted for financial aid and personal information about students, parents and alumni.” If your company is housing private information, you are a target for the hacktivists. No matter how small or how large, your company is at risk.

Even though this is a serious problem, we take these warnings and disregard them with thoughts like “it could never happen to me” or “that takes too much time and money.” But it could happen to you, and a serious data breach is just one hacktivist away, resulting in the loss of personal information and of credibility with your customers.

Many companies do not realize that a data breach can cost hundreds of thousands of dollars.

Shilling also points out that there are unforeseen costs to a company’s data breach: “costs include direct expenses to investigate, provide notifications and remediate the breach, such as for legal counsel, computer forensic consultants, public relations specialist, credit monitoring services and price concessions.” These make up about 40% of the total costs for “fixing” a data breach. Shilling goes on to point out that “the greater losses, which are often hidden to most businesses, arise from indirect costs, like diminishing revenue and profits from lost customer business, and diminishing employee productivity from time spent addressing the breach and its aftermath.” Without a doubt, it is more cost-effective and efficient to deploy a strong authentication solution before the breach takes place.

Everyone should take the necessary steps to secure their systems and private information. It is well worth the effort to protect against breaches. Many companies and organizations are turning to affordable, strong, hassle-free two-factor authentication such as PassiveKey, created by the authentication experts at PortalGuard.

Don’t be at high risk anymore!

Shilling, Cameron G. “Is Your Business a Data Breach Away from Disaster?” Business Magazine Mar. 2014: 26-27. Print.