AwareGO security blog

Stay up to date on security threats. AwareGO focuses on security awareness training; we help prevent phishing, tailgating, social engineering and multiple other threats. Find our Threat-list here

Ok, we’re pretty sure you’re not throwing a big party in celebration of GDPR’s anniversary. However, perhaps you should! After all, there are multiple benefits to GDPR.

Last year companies in Europe and around the world worked hard to implement GDPR in their operations. This meant organisations needed to start thinking about how they collect and store data from their customers and/or subscribers.

Members of the general public will always value their privacy and, after 6 months of GDPR, according to Deloitte’s findings, a perceptual change had taken place in consumers’ minds. 44% of respondents believed that organisations cared more about their customers’ privacy than before.

It gets better

Customer data and privacy are not the only things GDPR will help organisations with in the long run. GDPR compliance requires organisations to offer cyber security training to their employees. The overall effect of this regulation will not only help them keep their customers’ data safe but also their own data and their staff’s.

News of major data breaches has been getting a significant amount of coverage over the past few years. Big multinational companies have lost large amounts of consumer data. 17% of Deloitte’s survey respondents said they would stop using a service or buying from an organisation if they were subject to a data breach. A further 35% said they would make a decision on whether to stay or go based on how well they trust the organisation. A solid reputation clearly goes a long way.

Having a history of a data breach would raise concerns for 70% of respondents and negatively impact their level of trust. Consumers in general are obviously well aware of their rights and they do take a company’s reputation into consideration.

Having a strong security culture in place will minimize the risk of a breach and also give employees clear guidelines on how to react should a breach occur. This can make all the difference between how consumers perceive the organisation and if they want to put their trust in it or not.

Article 39b of GDPR

If organisations adhere to article 39b of GDPR it means they will be training their employees in cyber security awareness. Those who take this part of the compliance seriously can reduce their risk of a data breach significantly. They also reduce the risk of damaging their reputation, losing the trust of their customers and being subject to fines or class action lawsuits. Cyber security awareness training is not just a luxury reserved for big organisations. Companies with fewer than 1000 employees are at the greatest risk. Furthermore, according to TechJury, 43% of all cyber attacks seem to be aimed at small companies.

Human error is the way in for 9 out of 10 successful data breaches, ransomware attacks and other types of cyber crimes. When employees are well trained in cyber security awareness they are less likely to fall for cyber criminals’ schemes, such as phishing. That is how cyber security training can turn employees from a risk into the organisation’s biggest cyber security defense force.

How have people and organisations responded to GDPR this past year?

  • Over 144,000 queries and complaints were sent to Data Protection Authorities in Europe. A significant increase compared to 2017. (EDPB)
  • 89,271 data breach notifications were sent to DPAs.
  • UK government’s Department for Digital, Culture, Media and Sport reported a reduction in the percentage of businesses suffering a cyber-breach or attacks. (IntelligentCISO)
  • 70% of organisations saw an increase in staff focused on GDPR compliance. (Deloitte)
  • 65% of organisations felt they had sufficient resources to sustain GDPR.
  • 87% of organisations now have a Data Protection Officer (DPO).
  • Well over 70% of consumers are aware of their key rights regarding personal data.
  • The right to erasure had been used by 12% of consumers.
  • 20% of consumers said they had used their right to opt out of direct marketing.
  • 60% of consumers are willing to share more data to receive personalised benefits and discounts.

How to celebrate GDPR’s anniversary?

How about giving your employees and/or co-workers a free GDPR training, courtesy of AwareGO?

We are celebrating 1 year of GDPR with a free trial which includes 3 training videos focusing on data safety.

You can sign up for free and start the training within minutes. Our LMS platform is that easy!

 

Did you think GDPR compliance was done at your company once you got your mailing-list subscribers to opt in? Or once you fixed a few things on your website? From now on it is your organisation’s duty to protect any and all personal information your client or subscriber might give you. Furthermore, you must implement certain data protection principles within your company. These are the basic facts of GDPR and the ones most companies have already complied with. But wait, there’s more!


GDPR is in effect everywhere in the EU. It also applies to every organization that does business with citizens of the EU. According to the GDPR, any company that handles personal data of any kind (be it a European company or a non-EU company handling EU citizens’ personal data) must now implement measures to keep this data as safe as possible. This means that data protection measures need to be in place both within the company’s systems (such as by encryption) and within the company’s culture.

GDPR and good security culture

GDPR compliance or not, it always makes sense to take data privacy seriously. Part of complying with GDPR will actually help organisations protect themselves against cyber attacks. Cyber attacks are expensive. Even more expensive than paying those GDPR non-compliance fines! When organisations raise their cyber security awareness through active security culture and training, they minimize the threat of attacks. As a result they help safeguard the personal data they are legally obligated to protect under the GDPR.

Security training for GDPR compliance
For many companies, implementing a security culture falls to the DPO, but for others it is the responsibility of the HR or IT department. Depending on the size of your organisation, resources to implement cyber security awareness training vary greatly, but one thing is for certain: if you don’t have the time or the money to implement security awareness training, you definitely do not have the time or the money to deal with a security breach, fines and loss of data.

Comply with GDPR in no-time

We’re here to help! AwareGO has created an easy-to-use cloud-based Learning Management System (LMS) with high-quality security awareness videos that you can start using right away. Adding users to the system is quick and easy and so is sending out security awareness campaigns. Admins can even plan the whole employee training for the year ahead.

Each training video is around 1 minute in length. This minimizes the interruption to your employees and keeps them focused throughout the whole training. We release two new awareness training videos a month on topics ranging from phishing and CEO scams to physical safety such as tailgating and unattended computers. For small and medium businesses our LMS and security awareness training videos are available directly via our website and our prices are very competitive. You can become GDPR compliant in no time.

We believe in our product and we are dedicated to improving cyber security awareness for a safer workplace. That’s why you can test our learning management system for free and send your employees two of our security awareness training videos as well.

Sign up for a free trial to see what we’re all about.

Awareness training facts

Security awareness training is vital for businesses of all sizes. Many businesses rely on software and policies to keep their data secure, but that’s not enough. According to Verizon’s 2017 Data Breach Investigations Report, 81% of hacking-related breaches used weak or stolen passwords. It’s simple: employees are the biggest gap in your security wall. No matter how great your software is, it only takes one person to click the wrong link, and you have a massive security breach that costs an average of $100,000 to recover from.

A security awareness training program is key to helping employees understand how to avoid problems and how not to be the person who puts the entire network at risk.

Here are 4 important security awareness tips that you need to know before you start training your employees.

Security Awareness Tip no. 1

71% of organizations were successfully spear phished in 2014

Spear phishing is a targeted attempt to gain access to an executive’s credentials, like passwords. This is contrasted with just-plain phishing where a trap is laid in the hopes that someone will fall into it.
Spear phishers target executives, often a specific executive, in an attempt to get into a certain system.

Spear phishing, like most hacking attempts, is a behavior-based hack. Many business owners think of hackers as using software to break past a firewall or trying to find a backdoor into a piece of software. In truth, over 90% of all hacks occur because someone clicked a link in an email, opened an infected attachment in an email or went to a malicious website.

The 2016 US Presidential campaign hacks were the result of spear phishing attacks. An email was sent out by hackers saying the user needed to change their password. The user did, but it was on a bogus site. Then the hackers stole their password and data.

Another technique used was to infect the network with spyware that could observe online activity; the hackers stole passwords and emails that way.

Over ⅔ of executives have been successfully spear phished. This means that it’s not about intelligence or education; security awareness training is about knowing what to look for in emails and on websites.

Security Awareness Tip no. 2

Phished people were exposed to an attack for an average of 17.5 hours before antivirus software discovered it

Antivirus and anti-malware software are vital, but they’re not foolproof. Even if a program is actively scanning your system, it might not find a phishing attack for hours or days, or it might not find it at all. Most antivirus software doesn’t actively scan. Furthermore, most of the software scans only once or twice a day and it requires periodic updates. For an average of almost 18 hours phishing emails will hang in someone’s inbox, waiting to be opened, before anti-malware software finds them and neutralizes the threat. For this reason teaching staff to recognize phishing emails is imperative. Lots of folks figure, “We have antivirus software, so if it’s in my inbox, it must be okay.” Dispelling this myth needs to be part of your training.

Security Awareness Tip no. 3

Security awareness training can reduce a company’s exposure by up to 70%

Few things will give you the ROI that security awareness training does. According to the most recent IBM Cost of a Data Breach Study, on average, a breach costs $148 per stolen record. Take a moment to consider that – that means that if you have 100 records stolen, it will cost your company $14,800. A thousand records would be $148,000!
What’s the average size of your spreadsheets or data files that contain client or staff information? Multiply that by $148 and see if you’re willing to pay that amount or the cost of a good security awareness program.

If you can reduce your exposure to loss by 70%, why wouldn’t you do it?

Security Awareness Tip no. 4

Employee data is often stolen too

When we think of data breaches, we often only consider customer data – information entrusted to us by our customers. What many employees forget is that their data is on the company network as well.
Every employer has their employees’ social security numbers, but that’s not all they have. Employees’ personal email logins can be found on most systems. In addition, addresses, phone numbers, social security numbers of children and spouses, medical data, emergency contacts’ personal data and more are sitting on the company’s network.

If the network is hacked, there’s a very real chance that employees’ personal data will be taken as well.

What all of this means for your company and employees

All of this is important to understand as you start training your employees. Each of these security awareness tips is a lesson that needs to be clearly understood.

  • 71% of executives were successfully spear-phished in 2014 – Unless one assumes that 71% of executives have below average intelligence, being smart has nothing to do with your vulnerability. It has to do with attention to messages and knowing what to look for.
  • Phished people were exposed to an attack for an average of 17.5 hours before antivirus software discovered it – Staff can’t rely on antivirus/anti-malware software to protect them. They must be vigilant.
  • Security awareness training can reduce a company’s exposure by up to 70% – The ROI of security awareness training far outweighs any costs incurred. In fact, other than locking the front door, there isn’t anything a staff member can do that can save the company more money.
  • Employee data is often stolen too – This is personal. Each employee needs to understand that the company’s servers contain their data as well. They need to know that they are as vulnerable as anyone else.

Security awareness training is simply part of life in the modern computer age. It needs to happen.
