Newsroom » Industry News

11/21/2017

Associate Member Highlight: Associated Computer Systems

  • Spread The News

Don’t Gamble on Poor Cybersecurity


It’s impossible to ignore the growing threat cybercrime poses to an organization’s reputation and bottom line. The gaming industry has long protected itself from physical threats, but casinos must also protect themselves from cyber threats. Casinos outside of Vegas are not exempt from these threats. Casinos, such as Sands Bethlehem in Pennsylvania, Four Winds tribal casinos in Michigan, the Peppermill Casino in Reno, and others, have also been compromised. Hackers have it easy: They only have to be successful once to achieve their objective. Whereas a company may stop hundreds or even thousands of attacks a day, and yet it only takes one successful breach to create years of harm.

The best protection against cybercrime is a layered security strategy that deploys numerous tactics. One of the most important layers of a cybersecurity strategy is the human element: your employees. The people who are entrusted every day with the reputation and inner workings of your organization can become the biggest gateway into your systems. When a security-conscious culture is created throughout your organization and employees are properly trained to recognize cybersecurity threats, the risk of a breach is significantly reduced.

In a recent study, 85% of companies reported being the victim of a phishing attack. Even with the best spam filters and endpoint security solutions, malicious emails can still get through. Furthermore, social engineering or social manipulation of an organization’s workforce can circumvent the best technologies on the market because it relies on the vulnerability and naivety of the people within the organization. The threats phishing attacks and social engineering pose to your organization can be drastically reduced through cybersecurity education.

After enrolling employees in a comprehensive cybersecurity training program, organizations on average found that their employees went from being 15.9% “phish-prone” to 1.2%. This means the organization’s vulnerability due to employee risk was significantly reduced just by empowering their workforce with knowledge on how to recognize a potential threat.

What to Look for in a Cybersecurity Training Program

Baseline Testing: Prior to announcing the training program, secretly test your employees to determine their natural level of vulnerability. This will provide you with a good indication as to how much your employees already know and how in-depth the training will need to be.

Interactive Training Modules: Everyone learns differently. Utilize a service that incorporates videos, reading materials and simulation exercises. Having multiple resources will ensure everyone’s learning style is accommodated and the information is retained by each employee.

On-going Tests: Continue to test your employees using both quizzes and testing through simulated phishing attacks. Sending faux-phishing attacks will help identify both your strongest and weakest employees regarding cybersecurity.

Flexibility: Choose a platform that allows you to customize the modules and exercises to fit the needs of your organization. For example, choose a platform that provides email testing templates that relate to situations and interactions that occur naturally in your business environment.

Analytics & Reporting: It’s important to track and analyze your organization’s progress. This allows you to segment populations and focus on areas that need more attention, whether that be a specific topic, employee or gateway. You can’t address issues you aren’t aware of.

Executive Training: Different groups within your organization face unique threats. The Board of Directors and C-suite are more vulnerable to attack due to the level of credentials they hold, the type of information they interact with, and their need for easy remote access. They also need to recognize threats that may come from within the organization. Look for a program that offers additional leadership training. Each leadership team has different needs and levels of vulnerability and should be provided a customized program to address their situation.

To learn more about creating a cybersecurity-conscious culture, or to learn more about layered cybersecurity practices, contact Fritz Craiger with Associated Computer Systems (ACS).

« Return