2020 was dubbed as ‘the worst year on record’ RiskBased Security, given a staggering 36 billion records were exposed throughout the year. Names (45.1 percent), along with access credentials in the form of email addresses (36 percent) and passwords (29.4 percent), continue to be the most exposed data types. Internal, non-personal identifiable information categorised as ‘Miscellaneous’ was added to the list, along with ‘Unknown’ (no confirmation provided on data compromised), due to the number of ransomware-related events. 

In total, RiskBased Security mentioned that there were 2,935 publicly reported breaches in the first three quarters of 2020. The healthcare sector and the information sector nearly tied for the most data breaches, followed by finance and insurance, public administration, and professional/scientific for the top five. Much of the data breached across industries might have been collected from older or publicly accessible sources. Even so, the potential dangers are unquestionable. Increased attention and cooperation between hackers points to a growing interest and overall risk. 

See also: How To Create A Sustainable Cybersecurity Culture

How data breach affects users and victim businesses

The cost of a data breach can be enormous. Beyond financial impact, data the costs of data exposure are in many other forms, such as system downtime, reduced efficiency, brand damage and loss of trust, IP theft, and even damaged employee morale. 

System downtime could affect business operations that have to do with brand awareness and reputation. While losing network access can cause immediate pain in the form of lost productivity and opportunities, system downtime can cause more harmful long-term damage to the company brand. As an example, Amazon’s AWS cloud industry platform’s brand reputation has suffered due to a number of server outages and a relatively low service level agreement (SLA) of 99.99 percent, which equates to as much as 52.56 minutes of system downtime in a year. Given the high potential impact of a server outage, many smaller companies cannot afford to take the risk and are seeking more reliable solutions for their cloud infrastructure that provide better levels of SLA uptime. 

Cybersecurity awareness campaign  

Due to the risk posed by a cyberattack, companies need to design a campaign to protect employees, users, and the company from the negative effect of cyber thefts. With organisations transitioning to long-term remote work culture, giving employees the tools and resources to be secure online in their personal lives as well as in the home office is more important now than ever. Likewise, you should take your security awareness program virtual, in a way that keeps your employees engaged and educated. 

Here’s how to conduct virtual cybersecurity awareness campaign: 

• Align the objectives with corporate goals – By building the program around your organisation’s goals, both long and short term, you share confidence and trust in your messaging and guidance when communicating to employees. This alignment also makes it easier to get support and participation from employees. 
• Define your message clearly and effectively – Once you align the goals of the program with your corporate goals, you should help leaders understand the risk of a cyber breach to your organisation. This will help you come up with a meaningful message. 
• Use various organisation’s channels – Employees might receive more than a hundred emails a day. With that many emails, you can imagine how your message can get lost in the noise. In addition, people have a different way of digesting information. There are those who can understand better with visual, video or written texts. Therefore, utilise your channels as best as possible. 
• Host a webinar or all hands meeting – There is good software to conduct video conferencing tools such as gotomeeting.com. You can use such tools to give your employees a chance to engage directly with security and IT experts and get their questions answered. If you have a global employee base, be sure to either record the session or offer it in different time zones. 
• Run a contest – To engage employees, a contest or competition is a good way to highlight security awareness. The contest is also great to get them involved, boost their learnings, and help them drive a more collaborative security culture for your organisation. 

Success is a choice  

Security awareness can be a challenge to quantify but it is possible. To tell that your campaign is a success, you can solicit employee feedback, know what they enjoy or think could be better. Then, work with your security team to identify metrics that show if the “human error” risk is trending downtrends. All this information can give you a better understanding of the success of your campaign efforts. Don’t be afraid to run and test new methods and get creative with your ideas – because success is a choice you can effectuate. 

Read also: Cybersecurity Tips for IT Team in the Ongoing Pandemic