What Happens Once We Hit Send
Most of us don’t realize how deeply connected we are online. Everyone knows the dangers lurking in cyberspace, yet we pay scant attention to what happens once we hit send. If we think of it at all, it’s usually “it’ll happen to someone else”.
Consider this real-life scenario
You receive an account statement via email. There’s a *.pdf attachment with your full contact information, account numbers, reference to your banks and the credit card used for your last transaction.
Can you spot the threat here? Email as a means of communication is a significant point of failure. The importance of protecting data once it leaves you is key since you really know it’s fate once its released.
In the scenario, interception will have grave consequences. We can safely conclude someone’s personally identifiable information will be stolen. This is almost a certainty, why would it be intercepted otherwise?
Just for good measure, let’s go a bit further. Should our perpetrator have a few minutes to spare there’s lots more he could do. Before spending his victim’s money, why not use all that handy information to backtrack into the financial institution’s network. There’s more than enough personal information to use social engineering for a soft approach. Since the company finds this practice acceptable, we can conclude there are other fundamental gaps in their information security policies.
Prevention starts with knowledge
Employee awareness is critically important but doesn’t need to be a financial strain. An environment where everyone knows what to look for in a cyber-attack has a better chance of avoiding infiltration from threats like PHISHING attempts and RANSOMWARE.
Studies show that repairing damage to a company’s network and reputation can be more costly than the breach. Information security should be the responsibility of every employee.
Next meeting, raise your hand, ask these two questions at the highest management level you can reach.
- “How much is our data worth?”
- “What are we doing to protect our data and our clients’ private information?”
Next performance appraisal, mention basic cyber awareness training as part of your personal development goals.