Clark: Defending your data against ransomware starts with knowledge
In June of this year, CDK Global was a victim of a ransomware attack. This U.S. company is a software vendor that serves almost 15,000 car dealer locations throughout North America, providing applications and services for the automotive industry. CDK Global had many of its core systems taken offline by the attack, resulting in more than $1 billion in collective losses.
At a recent meeting, Ashley Barber, senior IT program manager at NationaLease, used the story of this attack as an example of the destruction cybercriminals can cause, as well as what companies can do to fortify their defenses. You may not be able to thwart every attack, but if you take the appropriate precautions, you can mitigate the damage. Though Ashley covered a number of steps, I’d like to focus on and go deeper into one specific defense: knowledge.
The first step: education
Every member of your organization is on the front line of data defense. Nowadays, cyberattacks rely less on technological masterminds burrowing into your systems and more on tricking employees (or a supplier's employees) into letting a fraudster in. The Anti-Phishing Working Group and Cyber Talk estimate that around 90% of data breaches originate from phishing attacks. But with the right education and training, these attacks can be detected and then defeated.
It’s important to realize that these bad actors don’t just target systems; they exploit human vulnerabilities. A carefully crafted phishing email mimics a trusted sender, such as a colleague, supplier, or even your CEO, and persuades employees to click malicious links or share confidential information. Without proper awareness, even a single mistake can lead to severe consequences, including data breaches, financial losses, and reputational damage. This makes cybersecurity education not just an IT responsibility but a company-wide priority.
The benefits of educating your workforce
- Increased awareness of threats: Training sessions teach employees how phishing works, what it looks like, and how to recognize common tactics. For example, they’ll learn to spot red flags such as suspicious URLs, unexpected requests for personal information, and poor grammar or formatting in emails.
- Reduced risk of human error: A well-informed workforce is less likely to fall victim to phishing attempts. Training equips employees with the skills to verify suspicious messages and report them to IT departments before any damage occurs.
- Fostering a culture of cybersecurity: Regular training reinforces the importance of cybersecurity and builds a company culture where employees feel empowered to take an active role in protecting their organization.
- Improved compliance and legal protection: Many industries have strict regulations requiring businesses to implement cybersecurity measures. Employee training ensures compliance and reduces the risk of fines or legal action resulting from breaches.
How to implement effective cybersecurity training
- Regular phishing simulations: Test your team’s knowledge by sending simulated phishing emails. This hands-on approach helps employees practice identifying threats in a controlled environment.
- Interactive workshops and e-learning modules: Invest in engaging, interactive training programs that employees can complete at their own pace. Include real-world examples and quizzes to reinforce learning.
- Clear reporting protocols: Teach employees how to report suspicious emails or activity immediately. Clear communication channels ensure threats are addressed before they escalate.
- Ongoing updates: Cyber threats evolve constantly. Keep your training materials up to date with the latest phishing tactics and trends to ensure your team is prepared for new challenges.
Empowering your workforce: a win-win strategy
By prioritizing cybersecurity education, you transform your workforce into a formidable defense against phishing attacks. Beyond protecting your organization’s data and finances, this investment builds trust with clients, partners, and stakeholders who know their information is safe in your hands.
Cybersecurity is everyone’s responsibility, and it starts with knowledge. By making employee education a cornerstone of your defense strategy, you’ll not only prevent phishing attacks but also foster a resilient, security-conscious workplace culture.