How to fight fraud with security intelligence

Ravi Bindra, CISO

Now more than ever, it is important for organizations around the world to elevate their cyber security awareness. With the large number of workforces that have gone completely remote, and the level of sophistication cyber-attacks have reached, everyone must take a step back to understand the situation at hand.

Cyber attacks are often due to human error. This means every employee at your organization must know the signs and the steps to detect and stave off threats. That is why it is so important to invest in your team’s cyber awareness; otherwise you may end up paying for it later. After all, the average cost of a successful phishing attack on a small or medium-sized business is $1.6 million USD. Let’s break down how to fight fraud with security intelligence training sessions so your organization can recognize the signs and stay safe.

The current state of cyber security

According to a study conducted by the University of Maryland, hackers attack an average of 2,244 times per day. And as reported by Varonis, 56 percent of Americans say they don’t know what to do in the event of a data breach. In short: the threats are high and the current state of cyber awareness is nowhere near where it should be.

Nowadays, it seems as though there is risk in everything you do, whether you’re in the office or working from home. Unfortunately, that’s because there is. Hackers have found ways to threaten businesses over email, voicemail, private servers, messaging services and more. While it may seem impossible to keep up, you and your team must work to raise your awareness. This is not something the IT department can take on alone - it has to be a joint effort or one mistake could set the entire company back.

How to raise cyber security awareness

If a company experiences a breach, it can become a hugely expensive nightmare. That’s why it’s so important to raise awareness within your organization so that a threat doesn’t send everyone into a panic - instead, it should evoke a procedural response. There are certain steps that must be taken at the first sign of a threat. These steps should be reflected in a business continuity procedure document because there is no time to send in tickets or frantic emails to IT. By investing in the cyber security intelligence of your company, you’re saving time and money in the long run.

So, where do you begin? First, talk to your team. You could keep things as conversational as having a town hall discussion, or as simple as sending out a survey to gauge their level of security intelligence. Both of these methods will help you understand how much your employees already know and how much they are going to need to learn. Once you have a better understanding of where everyone stands, you’ll be able to begin training sessions.

The types of intelligence needed

Cyber security awareness training needs to be interesting to your employees so they’ll remain engaged, but it should also be short enough that they do not get bored. Help your team understand what’s at stake - in terms of costs and data loss - and then begin to work in how they can individually help create a human firewall that truly works. 

As you work through these training sessions, there are certain areas you must be sure to emphasize to your employees. Let’s take a closer look at these:

  • The Bare Essentials - Every member of your organization should have an understanding of what the risks are and where these risks lie. If they don’t, that’s exactly where you should start. This will serve as the foundation for their security intelligence.
  • Email - On a typical day, the average worker sends and receives a large volume of emails, which creates greater opportunity for risk. Talk with your team about targeted attacks such as phishing and malicious attachments. And be sure to let them know there is a time and a place for everything (that is, certain confidential documents should not be sent via email).
  • Internet Basics - The devil is in the details when it comes to staying safe on the internet. Your employees must be aware of HTTP versus HTTPS, the characteristics of phishing attempts, and other common threats so they can browse safely.
  • Tips for the Office - When you’re in the office, it’s crucial to know how to handle both digital and printed documents. Teach your teammates about how to properly dispose of confidential materials and remind them to never leave them lying around their desks.
  • Working from Home - When employees use their own devices on their own WiFi, several new threats can emerge. Make sure you cover how to safely switch between working from home and coming into the office so no threats are brought onto the company network. 
  • Social Awareness - Essentially, everyone should know how social engineering works and the role it plays in cybersecurity. This area is often overlooked but should be included in training sessions to understand what the risks are.

Fraud is not going anywhere

Unfortunately, cyber attacks are not going anywhere anytime soon and are likely to become even more complex. That’s why it is so important to empower your teams with the knowledge they need to go about their daily life. Should an attack occur, both you and your employees are going to want the peace of mind of knowing that everyone knows what steps to take next. By jumping into action, an individual employee could literally save the organization millions. So, sit and talk with your employees.

Get the conversation going to understand where their level of knowledge is and where you can begin to build upon it. Once you do, you can set everyone on the path to fighting fraud with their own, strong security intelligence.

Digital Workplace Security

SoftwareOne Digital Workplace Security Services add security without contributing to your staffing overhead. We operate a dedicated security operations center (SOC) that tracks data vulnerabilities globally to prevent losses due to break-ins or employee errors.

Author

Ravi Bindra, CISO

Ravi holds over 20 years’ experience as a cyber security evangelist, holding multiple leadership roles in the Swiss pharmaceutical industry, such as Global Head of Risk Management, Global Head of Architecture and Global Head of Security Operations.