
It's Change Your Password Day, but is changing your password enough?

For years we have praised the development of technology and rapid innovation. At the same time, the increase in sophisticated cyber attacks is nothing to rejoice in. Awareness and simulation training in the workplace help prevent these attacks, but we also need to pay more attention to the collaboration between humans and technology. As part of Change Your Password Day, we talk about how companies can better protect themselves from cyber attacks.

 

Sharp increase in cyber attacks

Outside the office firewall and without the warnings of the IT team, the likelihood of a cyber attack becomes a lot higher. After all, employees then rely on themselves (and on their own knowledge of cybersecurity). According to recent research from PwC, 45% of security and IT executives expect further increases in cyber attacks. Breaches are not only more common, but with increasing digitalization, attacks are also becoming more costly and dangerous. In other words, the information that hackers can access today is much more extensive than in the past. The impact of a hacked account is increasing as well. The possible consequences for companies are:

 

  • Financial loss: a cyber attack can result in direct costs, such as restoring systems and replacing data, or indirect costs, such as loss of revenue due to business interruption. According to Cisco, 60% of companies that are victims of a cyberattack are found to go out of business within three years. The fatal blow is not so much the attack itself, but the costs on the way to recovery.  
  • Reputational damage: a cyber attack can lead to loss of trust from customers, shareholders and other stakeholders in the company.
  • Hefty fines: if customers' personal data is stolen, you are required to report this under the GDPR (AVG). As a company you are responsible for protecting this data. Should you have been negligent, the Dutch Data Protection Authority (AP) can impose sanctions.
  • Loss of data: a cyberattack can result in loss or corruption of critical business data, leading to loss of productivity and possibly even legal problems.

 

Workplace awareness is about more than just changing your password

As security tools and hackers evolve at the same pace, much of the responsibility falls on company employees. Awareness training, security exercises and familiarity with cybersecurity policies are several methods that (can) help with this. Microsoft 365, for example, offers the tools to create realistic simulations and train employees. But with the speed at which hackers are becoming more nimble, we have to question whether one-time training and simulation of, say, phishing emails will be enough. As long as awareness training is based only on technology, creating and sending simulations at set times or at a predetermined pace will not be realistic enough. Want to keep hackers out? Then you need to make sure humans and technology work better together. Make sure employees understand the thinking and strategy behind a cyberattack. Let them get into the mind of hackers instead of looking only at the success or failure rates of simulation tests.

Man and technology must join hands

A good cybersecurity policy requires more than just handy tools or technology. In fact, effective training is based on behavioral science. That means making simulations more difficult over time so that they grow with the level of awareness in the workplace, preferably per employee. This requires applying both technical tools and human insight. By meeting hackers on their own playing field and developing simulations with human triggers, you prepare employees for potential cyber attacks. Combine this approach with a password manager that securely stores all your passwords and alerts you as soon as a password is outdated or insecure, and you no longer need a day like Change Your Password Day. Hackers are making more and more of an effort, so why should businesses be left behind?

Wondering if your IT environment is properly secured? LennMedia is happy to take a look or give advice about securing your online environment.