When Melanie Levi (pictured) joined the staff of Tripp County, South Dakota three years ago, she brought a strong IT and security background from her previous job at a larger organization in Sioux Falls. This helped prepare her for supporting the network, hardware, software, security, and IT support needs of 30 employees across multiple county offices.
“When I first started working at Tripp County in 2016, an employee had clicked on a link that launched ransomware and locked 13 computers. While users today generally know what to open or not, this is a small rural community and even a few years ago, we hadn’t been exposed to many cybercrime tactics,” she shares. “Back then, employees believed if they had antivirus installed, they’re fine. But today, it really requires a layered defense and ensuring users also take responsibility for security. And that happens through consistent education.”
Cybersecurity Awareness Month is the perfect time to talk about the impact a strong security culture can make for small and mid-size businesses (SMBs).
With an active threat landscape and statistics showing more than one million new users are online each day, educating users about safe computing is one more IT weapon against web threats. From phishing attacks that launch ransomware to cryptojacking that can hijack your device just by browsing a bad website, there is a lot to gain from ensuring employees stay updated about best online security behaviors. This is also a powerful complement to a layered security strategy, ensuring endpoint and network protection are not compromised.
Yet with growing demands on busy IT managers, especially one-person teams or those with limited staff, educating users may fall to the bottom of the priority list. Consider this, research shows that the market’s shortage of skilled cybersecurity workers is not only creating more security incidents, but also preventing IT from using security to its fullest potential. This is where cybersecurity-savvy users can provide value and peace of mind.
Melanie at Tripp County is also battling web threats and turning this into a user education opportunity. Using Avast Business CloudCare, she creates threat detection reports from the CloudCare console that help her explain the risks to employees.
“We have employees surfing news sites where there may be hidden malware,” Melanie says. ”The combination of CloudCare’s content filtering and email security features have been a lifesaver, blocking dangerous websites. I receive the alert notifications and can run reports and show these to employees. This really makes an impact. I’ve noticed web surfing has been reduced and employees are much more cautious.”
“We have to be alert 24/7 and that’s my biggest challenge,” she adds. “It’s always tough to make time for security education, but I try to make time to work with our employees on a one-to-one basis to ensure they understand how to recognize phishing scams and stay safe.”
Stopping threats at a global biopharmaceutical consulting firm
For Julie-Lea Lipszyc (pictured) at BioAcuity Consulting, a biopharmaceutical consulting company with offices in Ontario and Quebec, cybersecurity best practices are critical.
Stopping web and email threats have been her top challenges, and with good reason. A new Ponemon study cited phishing (53%) and web-based attacks (50%) as the top cyberthreats to SMBs. Other research shows enterprises now face a 400% increase in phishing URLs.
As principal of quality and compliance, Julie-Lea’s multiple roles include managing IT operations, overseeing quality assurance, and compliance and regulatory affairs.
“We are a small, fast-growing team spread between two offices, and everyone travels frequently to client sites across the globe. We get a lot of phishing scams as well as emails that contain malware. We are also on the internet daily researching and downloading regulatory information critical to our work,” she explains. “All of this puts us at risk.”
After upgrading to Avast Business CloudCare and its integrated Secure Web Gateway and Email Security services for web and email protection, Julie-Lea was able to reduce online threats by 90% in the first two months, with fewer phishing emails and more control. “We have less phishing emails now and I have much more visibility and control. We haven’t had any incidents since deploying the services.”
She has also gained better visibility to users and devices, and believes this extra set of eyes may be keeping employees safer. “I can see the status of each user in terms of software updated or any antivirus issues. I can see the threats detected and stopped in the alerts and reports. With the ability to monitor security health and discuss issues with users as they arise, our team is more aware of how their actions can impact our security defense,” she adds.
Own it, secure it, protect it
Personal accountability is a key theme when it comes to cybersecurity in the workplace. In the U.S., companies are much more likely (77%) to be compromised through an insider threat than an external attack. Human error has been cited as the cause in two-thirds of data breaches.
This is also a theme in the National Cyber Security Alliance’s Cybersecurity Awareness Month campaign, including these messages:
Own IT
- Never click and tell: staying safe on social media
- Update privacy settings
- Keep tabs on your apps: best practices for device applications
Secure IT
- Shake up your passphrase protocol: create strong, unique passphrases (Check out Avast Business Passwords feature, available in our Antivirus Pro Plus product)
- Double your login protection: turn on multi-factor authentication
- Shop safe online: how to spot and avoid phish
Protect IT
- If you connect, you must protect: updating to the latest security software, web browser, and operating systems
- Stay protected while connected: WiFi safety
- If you collect it, protect it: keeping customer/consumer data and information safe
If you’re finding it tough to make time to help employees get smarter about cybersecurity, check out the tools in our endpoint and network security solutions.