The short answer is – VERY important. The fact is, the better your technical and infrastructure defenses are, the more likely it is that a social engineering attempt will be made on your people.
In 2013, over 89% of breaches and data loss incidents were deemed preventable through security awareness and execution programs. More relevant, 60% were the direct result of social engineering and other attacks that began with employees who had no substantial access to data. Put another way, 60% of the more than one billion records lost in 2013 trace back to employees.
eBay is just the latest victim. Recently, approximately 145 million user records were accessed in what may become one of the largest data breaches in history. As is most often the case, the breach occurred long before the company became aware of it. According to Reuters, “eBay provided little information about how the hackers got in. It said they obtained login credentials for ‘a small number’ of employees, allowing them to access eBay’s corporate network.”
- This is another real-world example of how humans are one of the biggest attack vectors for hackers.
- This is why it is critical to educate employees about spear-phishing, social engineering, and other security concerns.
The hackers got names, business addresses, email addresses, phone numbers, postal addresses, and dates of birth. So even if your encrypted password was safe, just think of the negative impacts that may result.
What Can You Do?
Employees throughout every level of your organization are instrumental in protecting your business.
- Make sure your employees understand the exposure, risk, and current threats so they are proactive and prepared.
- Emphasize individual responsibility and accountability.
- Institute regular, hands-on, security awareness training.
- Provide learning resources, such as online references, documentation, and other tools.
- Ask questions; talk with your employees. Understand their behaviors, and monitor for and address habits that may pose risks.
Take Security Seriously
Your business continuity, reputation, and ability to stay in business depend on maintaining the highest security standards. Employees are one of the most important elements of your overall security. As we see all too often, just one slip-up can have catastrophic, lasting effects on an organization.
Train employees regularly, teach good habits, and adopt a culture of security throughout your organization. Security is not an achievement, but an ongoing process.
Remember, “Amateurs hack systems, professionals hack people.” — Bruce Schneier