Luckily the data breach only affected a few hundred users, but there are some valuable lessons to be shared on how important it is to implement new-school security awareness training across your whole organization.
Monthly short training reinforcement followed by simulated phishing tests
“Organizations need to ensure that all employees are frequently educated about social engineering, receiving training at least once a month followed by simulated phishing tests, to see how well employees understood and applied the training,” said Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4.
Assess your employees for their strengths and weaknesses
KnowBe4 has a 10-minute Security Awareness Proficiency Assessment, grounded in recent research, to assess your users' susceptibility to cybercrime, and more specifically, their susceptibility in relation to your organization’s cyber security needs. Learn more about proficiency and culture assessments.
Employees found to be susceptible to a particular type of social engineering attack should be required to take more and longer training until they have developed a natural instinct to recognize these types of attacks. This process can be fully automated with smart groups.
Above all: Don’t get a reputation as an easy target
This latest data breach reveals that organizations can’t afford to gain a reputation as an easy target. If your org falls victim to a data breach, then there’s a high likelihood that other attackers will attempt to target you again, making the assumption that your organization has weak security controls.
A good example is a recent Cybereason report that shows that 73% of all organizations have experienced a ransomware attack in the last 12 months, and of those that were attacked, the question of whether the ransom was paid always comes up. But even after paying the ransom, 80% experienced a second attack and 68% were asked for a higher ransom!
The only way to avoid this predicament is to implement the latest detection and response solutions and invest in frequent security awareness training to help employees embrace security best practices, so that they become an effective last line of defense.
Here are 10 more best practices that can make your organization a hard target:
Valuable educational infographics such as our Social Engineering Red Flags PDF and more will teach your users to identify these types of attacks. VentureBeat has the full story with links.