Procomply FTC Safeguards Rule Tip of the Week – June 6, 2023
The deadline for FTC Safeguards Rule compliance is Friday, June 9th.
Are you ready to securely conduct business and keep your networks and (personally identifiable) customer information safe? Did you know that employees are the #1 cause of network breaches, which can cost your company up to $11,000 a day in FTC fines?
Breaches by the numbers: A joint study from Stanford University researchers and an internationally based security firm found that 88 percent of data breach incidents are caused by employee mistakes. Studies from IBM put that number as high as 95 percent.
It’s time to deploy a “human approach” to information and network security. One of the most proactive ways to secure your company and prevent breaches is to ensure your “human firewall” – your employees – are trained and aware of how their actions might inadvertently cause a problem.
Employee Training Methods to Consider
Here are some training elements to consider to effectively educate employees on suspicious emails, links, and other phishing elements:
- Schedule Interactive Training in Workshops or Webinars: Present practical scenarios of phishing emails and show employees how to spot red flags such as unfamiliar senders, errors in grammar, or urgent requests for personal information.
- Simulated Phishing Exercises: These exercises involve sending mock phishing emails to evaluate employee awareness and response – simulating real-world phishing attempts with no actual harm. Analyze employee responses and offer immediate feedback while providing guidance on how to avoid falling for phishing traps in the future.
- Ongoing Awareness Campaigns: Regularly remind employees about the importance of staying vigilant against phishing attacks targeting a variety of communications channels. Share real-world examples of recent phishing attacks on your company. Give them a reporting process so they can inform you of suspicious emails and phishing quickly.
- Reinforcement and Updates: Cyber threats evolve rapidly, so it’s crucial to keep your training up to date and to provide refreshers to your employees. Conduct follow-up training sessions periodically to reinforce good practices and address any new concerns or challenges.
Putting It All Together
A comprehensive training program should focus not only on identifying phishing emails, but also on promoting good cybersecurity practices — using strong passwords, enabling two-factor authentication (more on that in next week’s tips) and regularly updating software. Your employees are your most valuable asset, and it is crucial to protect their working environment for secure productivity.
Huntleigh Group can help you craft training that works for your business. We are also here to help you with your FTC Safeguards Rule compliance.
We hope you found this weekly tip helpful. Next week, we will be talking about multi-factor authentication.
We look forward to serving you in the future.