We’ve all received them: those pesky emails that look legitimate at first glance, but on closer examination reveal something much more sinister. These attempts by bad actors to trick us into divulging sensitive information or taking some other action are called social engineering. They arrive in our personal and work inboxes and represent a huge risk to our security and to the security of our organizations.
According to the Verizon 2020 Data Breach Investigations Report, 22 percent of overall breaches include social attacks. The report tells us that because people can be manipulated by social engineers, we are considered the weakest link in the security chain. In the healthcare section of the report, one of the top controls recommended is to implement a security awareness training program, which helps to strengthen the human link.
The primary reason to implement a cybersecurity awareness program is to protect your employees and your organization from social engineering. The idea behind social engineering is to take advantage of a potential victim’s natural tendencies and emotional reactions. Social engineering, as related to cybersecurity, pertains to email (phishing), texting (smishing) and voice (vishing) scams.
Cybersecurity awareness is a critical component of Enterprise Health’s overall information security program. The primary goal of our program is for employees to recognize threats and vulnerabilities and respond to them appropriately. We do that through a people-centric approach that brings awareness to a personal level and focuses on the employees.
To combat social engineering and educate our employees, Enterprise Health’s ongoing security awareness training program includes both experience and knowledge of cybersecurity-related issues. Simulated phishing gives our employees experience in viewing emails and recognizing when one is a spoof, while training courses equip them with knowledge of cybersecurity awareness topics.
At Enterprise Health, we take cybersecurity training very seriously and are continually working to keep our employees up-to-date on skills and evolving threats — both for their protection and the protection of our enterprise and our clients.