CLEARWATER, Fla. (Press Release – March 12, 2012) – With new study findings showing year-on-year increases in identity fraud and data breaches, Internet Security Awareness Training (ISAT) firm KnowBe4 asserts that small and medium enterprises need to be more vigilant and aggressive in their cybercrime prevention efforts.
According to the 2012 Identity Fraud Report published by Javelin Strategy & Research, more than 11.6 million adults in the United States fell victim to identity theft in 2011, representing a 13% increase over 2010. The report suggests that this growth may be related to the substantial 67% increase in data breaches, noting that 15% of Americans – approximately 36 million people – received notification of a data breach in the past year. Furthermore, Javelin found that consumers affected by a data breach were 9.5% more likely to become victims of identity fraud; and that credit card numbers, debit card numbers and social security numbers were the top three most common items exposed in data breaches.*
“Businesses need to recognize the potential repercussions of data breaches, and take responsibility for preventing them,” said Stu Sjouwerman (pronounced “shower-man”), KnowBe4 founder and CEO. “It’s bad enough when companies ignore their own vulnerability to cybercrime, but it’s even worse when they put customers at risk. Considering that the tools to prevent these types of cyberheists are affordable and readily available, there’s no excuse for leaving customers exposed to identity fraud.”
Sjouwerman believes that many small and medium enterprises (SMEs) underestimate their susceptibility to Internet security breaches because big companies are often the ones that make headlines. “When hackers infiltrated PlayStation’s network in April 2011, the credit cards of some 77 million customers were compromised. You’d think that would make SMEs more cautious with their own data, but many assume that cyberthieves won’t go after smaller businesses when there are so many bigger, more profitable organizations out there. However, the fact is that cybercriminals cast a wide net and will target any company that doesn’t have appropriate safeguards in place.”
There are a number of Internet security protocols that can help thwart hackers, such as limiting access to corporate servers, immediately installing antivirus software updates when they become available and using complex passwords that combine letters, numbers and symbols. At the same time, Sjouwerman notes that there is a vulnerability that many companies overlook – their employees. As cybercriminals become more subtle and sophisticated in their attacks, employees are often conned into clicking links that bypass multiple layers of security and provide direct access to the company network.
KnowBe4 has conducted several client case studies demonstrating the effectiveness of Internet Security Awareness Training in reducing employees’ susceptibility to phishing attacks. After the initial training session, followed by several weeks of subsequent testing and remedial training (as required), the Phish-prone™ percentage of staff was found to be at or near zero.
“When it comes to ISAT, scheduling a company-wide training session is an important first step. But it’s not enough to host a single workshop and call it done,” explained Sjouwerman. “By the time most people become aware of a phishing scam – for example, the phony bank notices that were making the rounds a while back – cybercriminals have already moved onto another type of attack, like the recent spate of spoofed social media alerts with malicious links. That’s why it’s absolutely essential to conduct ongoing training and keep your employees apprised of the latest phishing tactics, so they won’t unknowingly click a link that gives cyberthieves a backdoor to your network.”
KnowBe4’s Internet Security Awareness Training includes a series of scheduled security audits that allows administrators to send regular simulated phishing attacks, which reinforce the training and pinpoint any weak spots.
Sjouwerman invites companies to take advantage of KnowBe4’s free cybercrime prevention resources, including a free phishing security test and a free email exposure check (EEC), which identifies publicly accessible corporate email addresses that cyberthieves can use to target employees. For more information on KnowBe4’s Internet security training services, visit http://www.knowbe4.com.
About Stu Sjouwerman and KnowBe4
Stu Sjouwerman is the founder and CEO of KnowBe4, LLC, which provides web-based Internet Security Awareness Training (ISAT) to small and medium enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced Internet security awareness training. He and his colleagues work with companies in many different industries, including highly regulated field such as healthcare, finance and insurance. Sjouwerman is the author of four books; his latest is Cyberheist: The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008.