According to the PricewaterhouseCoopers 2014 US State of Cybercrime Survey, businesses that don't conduct security training (especially for new hires) stand to lose quite a bit of money if they face a cyber security incident. In fact…
- Businesses that forgo employee security training lose an average of $683,000 annually after a breach.
- Businesses that train employees lose only $162,000 on average after an incident.
In other words, training employees may cut data breach losses by nearly 77 percent!
Admittedly, this study doesn't focus on small businesses, so those numbers may not accurately describe your risk. However, they still underscore just how essential your employees are to your business's cyber security.
Why Employee Security Training Has Such a Big Financial Impact
Oftentimes, a business's employees have access to a lot of valuable information that could jeopardize the company if it fell into the wrong hands, from Social Security numbers and credit cards to medical records and intellectual property. If your employees don't know how to keep this information safe, there's no limit to how much a hacker could glean and resell on the black market if they manage to break into a business's system.
Kansas City even conducted a phishing experiment that showed how much control employees have when it comes to security. At the end of the test, 280 employees inadvertently gave up their login credentials to would-be hackers. If the same scenario happened for real, that would give outsiders 280 chances to infiltrate the entire municipal computer system.
And that's just one example.
That's not to say employees are careless or clueless when it comes to technology. Rather, they may be using technology to access work information from insecure apps or devices without really knowing the risks. Read more about that in "Dating Apps on Your Business Phone? Prepare for Heartbreach."
Can You Afford to Bypass Data Security Training?
Errors can still happen, and hackers may even defy your best defenses. Still, security training can curb financial losses to about a quarter of what other businesses may end up paying when a breach occurs. (As a failsafe, it's still a good idea to have Cyber Liability Insurance, which may help pay for the cost of a data breach.)
To help keep data breach losses to a minimum, be sure to train employees on:
- Common security threats. For example, make sure employees understand phishing schemes and why they should never click on links in suspicious emails. Remind them that you will never ask for their login credentials via email.
- The importance of software updates. The 2015 Verizon Data Breach Investigations Report found that 99.9 percent of vulnerabilities exploited in data breaches were more than a year old. In other words, old or outdated software allowed these breaches to happen. That's why employees should update software as soon as new patches roll out. Read more about that in "The #1 Reason to Update Your Software Today."
- Approved applications. Employees who use "shadow IT" – tech that isn't approved for work use – could inadvertently expose sensitive information. Explain why your security policy requires them to use certain applications or programs so they aren't tempted to use shortcuts.
For more data security tips, read the post "Avoiding a Data Breach: Lessons from TurboTax."