When your data is breached, it is most often the result of both a security gap in your network and a human gap. According to a report from the Ponemon Institute, companies are attacked an average of 16,856 times a year. Further, “43 percent of U.S. companies experienced a data breach in 2014,” according to the institute. You heard about them in news reports last year – Target, Home Depot, Staples and others.
It’s common knowledge that there is potential malware on networks, but breaches don’t only happen online. Data risks also exist in stores, since every point-of-sale (POS) system is a digital environment. Employers can do a better job of guarding against “insider threats,” says Connie Stack, chief marketing officer for Digital Guardian, a data protection security firm. This line of defense is known as a “human firewall.”
Internally, a POS system’s card reader can be compromised. Additionally, employees have access to credit card numbers that they may download or email. Externally, criminals can target employees using tactics like spear phishing to access company networks. Stack says, “spear phishing attacks are one of the most effective methods for hackers because you’re bound to get some percentage of people who will click on it, infecting their computer and the network in the process.” An attacker only has to find one weak link to get into your system.
Stack suggests HR-conducted security awareness training to build and strengthen a company’s human firewall. HR needs to tell employees that “if it looks suspicious, don’t click it” and to think, “this seems odd that the CFO is emailing me a spreadsheet,” if that is something that’s never happened before, says Stack. Security awareness training can transform your human firewall from a potential liability to an asset.