Here on the strategic playing deck again, chairs. Did you know that the number one security threat to all organizations, large and small, is internal employees clicking on compromised e-mails? E-mail continues to be the number one source for delivering most malware, especially ransomware. Ransomware campaigns continue to reach millions of users every day, and the people you trust to run your organization, the very same ones that are putting it at risk by downloading software they, shouldn't. Falling for phishing scams, clicking on bad links, using bad passwords, and opening infected files. Now that doesn't make them bad people, and they don't do it on purpose. They're just unsuspecting. And that's why it's critical to provide employees with active, ongoing training regarding cybersecurity. Cybersecurity tips like these are a great start, but not enough. I recommend a formal training program for employees that actually simulates phishing attacks and other breaches so they can experience firsthand how easy it is to make a mistake and keep them hyper-aware of security problems. Please remember that many of your executive officers don't want to spend time getting trained. They don't like to be tested on simulated phishing attacks. But those that don't get trained are the most likely to fall for a spear phishing attack, specifically designed to get them to click on some malware and trigger a ransomware attack. None of us are immune to falling for these attacks, so all of us need ongoing training to help us stay vigilant.
