Home / Media Center / Protect Your Organization from Cyberattacks by Creating a Cybersafe Culture
Media Center
Share

Protect Your Organization from Cyberattacks by Creating a Cybersafe Culture

September 10, 2024
Share
By Michael Chiappetta

The news has been full of cyberattacks recently and no organization is safe, regardless of its size.

Cybercriminals are targeting for-profit and nonprofit organizations, public and private companies, and government entities. Their attacks are also becoming more sophisticated.

Earlier this year, the website of the Pennsylvania courts system shut down due to a cyberattack. Though the courts remained open, many services offered through the website were not available.

AT&T recently announced that nearly all of its customers were impacted by a 2022/2023 cyberattack. The investigation is ongoing, but the company said private information such as social security numbers is now available on the dark web.

Millions of Ticketmaster customers had their private information stolen in April and May of this year. Ticketmaster has provided little information about the breach.

The list goes on and on.

In fact, cyberattacks are on the rise, and 90% of security leaders say their organization is falling short in addressing cyber risk. And while corporate leaders understand the importance of developing a cybersafe workplace culture to combat the problem, few know how to make it happen.

At Oswald, we have guided our clients to adopt a strategic process around managing cyber risk and have provided numerous educational and training opportunities.

Still, we have found the most important tool in fighting malicious cybersecurity bad actors is the employees of the organization. It’s important to routinely shine a light on cybersecurity for all employees so they understand the importance of cyberattacks, ranging from financial threats to reputational damage.

A 2021 study found that 44 percent of corporate security incidents were caused by employees who fell victim to phishing scams. To address the issue, companies should provide regular training sessions for all employees to help them spot a phishing attempt and avoid falling prey to the scam.

Employers also should instill the value of a cybersafe culture. Reward employees for completing training sessions and provide incentives when potential attacks are reported to the IT team.

How employees can help

Shallowfakes or cheapfakes are how cybercriminals learn their craft. They start small by manipulating images or hacking into a conference call, but they have moved into more sophisticated territory.

Earlier this year, a finance worker of a multinational firm paid out $25 million after he thought he was on a video call with the company’s chief financial officer and several colleagues. It turned out all the people he saw weren’t real at all, they were deepfake recreations.

Though difficult to grasp and frightening to consider, everyone is a potential target, but there are ways to stay ahead of the game.

For individuals

  • Limit the photos and videos you share.
  • Keep social media pages private.
  • Use a credit card for online purchases.
  • Use a Virtual Private Network (VPN) to protect online activity.

For organizations

  • Be vigilant about new vendor requests, especially if you already have a vendor for those specific needs. Ensure you follow your vendor authentication process for new vendors and any changes. Call your personal contact at your existing vendor to make sure they are making a request. Bad actors are creating businesses of the same name in another state, so make sure you’re talking to the person and the company you know.
  • Have a cybersecurity plan in place and test it by periodically conducting table-top exercises. Consider including your bank’s fraud contact in addition to your other important contacts.
  • Provide consistent phishing training for employees so they know the signs of a fake email, phone call or video.
  • Deepfakes are especially popular in an election year. Cybercriminals will deepfake a candidate or government official to make them sound bad or to get you to donate to their campaign.

Corporate leaders who invest in cybersecurity set the vision that this is an important initiative for all employees. All companies should have an Incident Response Plan as part of their Strategic Cyber Plan. When a cyberattack occurs, and it will, your company will be able to activate the plan to respond quickly and efficiently.

Oswald has a library of information and webinars on cybersecurity. We provide information on potential threats, the importance of cyber insurance, and the protocols to follow that can help your business avoid or overcome cyber and ransomware attacks.

The experienced cyber team at Oswald can help you assess your risk and plug the holes in your cybersecurity plan.

For more information, please contact me below.

Property & Casualty - Specialty Risk | Cleveland
First
Last

Risk, Insurance and Leadership Insights

View our company news, upcoming seminars, events, videos and advisory articles from our risk management and insurance advisors.

Check out the categories below for the information relevant to you or your business.

View Oswald in the news and check out the OSCAST digital media channel.

Note: This communication is for informational purposes only and is not regularly updated. View our privacy notice.

Types

Categories

oswald financial logo
Taylor Oswald
Transactional Risk Advisors logo
UROne Benefits logo