Why Education Remains a Critical Piece of the Cyber Security Puzzle

October 02, 2019 Ronnie Mize

If you owned a store in town and someone asked you how you plan to protect it, you would probably refer to traditional security measures. Chances are you have a security guard, video surveillance, and an alarm system managed by a third party. All of these help you to keep the premises safe, but what about cybersecurity?

Without securing your wireless and online (technology-based) platforms, even a company’s surveillance footage can be compromised and erased, eliminating video evidence of any crime taking place at the business.

When it comes to contact center cybersecurity, the focus is primarily on protecting consumer and client data. While an organization needs antivirus software, firewall systems, and data loss protection tactics, it is critical they continue to educate employees on best practices and what to look for.

The Risk
Failure to create an awareness program and bring employees on board with your cybersecurity initiative means that your organization will always be vulnerable to an attack. Malicious actors understand the weak point in any system may be the human firewall. By exploiting this, a hacker can gain access to even the most secure systems. According to one CNBC article, employee negligence is the biggest cybersecurity risk companies must confront. In a report cited by the article, 47% of business leaders blamed human error for a data breach at their organization.

Here are some of the many ways that failure to create awareness can put an organization at risk.
1. Failure of an Employee to Lock a Workstation
Roughly 25% of employees admit to leaving their computers unlocked. The more sensitive the information they handle, the more dangerous this can be. When workstations are left unlocked while employees are away from their desks, any passerby can access files on the computer. Worse, this activity would show up under the employee’s name, and they might be held responsible for fraudulent activities until an investigation proves otherwise. At the very least, the workstation should be configured at the network level to auto-lock after a specified time of inactivity. This will greatly reduce the chances of someone else gaining access to the workstation.

2. Password Vulnerabilities
One of the common recommendations in the cybersecurity community is that employees should regularly change passwords. However, one Federal Trade Commission article cautions businesses about forcing employees to change passwords too often, especially when they manage multiple log-ins. Employees may work around this by creating simple passwords with easy modifications to keep up. Even worse, they may write them down. These actions create password vulnerabilities that make the accounts easier to hack. Password requirements should call for complexity, but the password itself should be easy for the employee to remember and not easily guessable, such as an acronym based on a favorite song.

3. Disabling Multi-Factor Authentication
There are many different types of multi-factor authentication. When it comes to MFA, or specifically 2FA, adding a phone number provides a second means of verifying every log-in attempt. Yet many employees may choose to turn it off, especially on smart devices when they work away from the office. This creates potential access to company data. According to Google, even just adding a recovery number provides the following benefits:

• Prevents up to 100% of automated bots
• Stops 66% of targeted attacks
• Blocks 99% of phishing attacks that occur in bulk

The Proposed Solutions
Some employees will continue to exercise poor security judgment for the entire duration of their tenure unless educated on best practices and the organization’s cybersecurity policy. To do this, companies must do more than send out bulletins with safe practices or publish info in an employee handbook that few workers read.

Here are a few recommendations to follow instead.
1. Regular Training
Employees should receive routine training on best practices. If the training is never updated, then they may skip through the slides or yawn through the meetings just to get it over and done with. Update these practices based on changes in the news or recommendations from professionals. If possible, let cybersecurity professionals teach the course. Keep the employees engaged and request feedback. Allow them to be part of the solution and you will see continued interest and improvement in cybersecurity best practices.

2. Lead by Example
When managers set an example, employees feel more inclined to follow. The manager who leaves their computer unlocked while at lunch or leaves critical paperwork, passwords, and the like lying around carelessly is unlikely to inspire employees to act differently. However, by being an exemplary model of a worker who prioritizes data protection, you will inspire more employees to follow your lead.

3. Hold Each Other Accountable
For this to work, employees and leaders must hold each other accountable. Harvard Business Review notes that the highest performing teams operate under a principle of universal accountability. Put simply, any member of a team should be able to respectfully confront the other about a lapse, irrespective of power differences.

The Bottom Line
In a digitally transformed workplace, cyber security awareness can help companies effectively close off security breach points. However, for this to work effectively, everyone in the organization must be on board. A company’s data breach defenses are only as strong as the weakest access point. Hackers believe this to be the human factor and are now setting up their attack vectors accordingly.

At Etech, we regularly train our employees to keep them updated on new developments in contact center cyber security. We also invest in information technology resources to keep our clients’ and their customers’ data safe. For more information about the role cyberattack prevention plays in our business model, contact us today.