Ransomware threats and cyberattacks make headlines when large companies are targeted or suffer data breaches, but no organization should assume it’s immune. If your company makes money—or possesses data or other online assets that have value—you are a target, no matter how small.
Just as locking your office doors and using a physical security system are a normal part of many daily operations, comprehensive cybersecurity should be an established daily priority rather than an afterthought. Microsoft has repeatedly emphasized in recent years that our partners should adopt a Zero Trust mindset to protect themselves: verify explicitly, use least-privileged access, and assume breaches are likely.
At Microsoft, we recognize companies face difficulties in educating their employees and end users about sophisticated and expansive online threats. We’re providing tools and training to help organizations that don’t have time or budget to develop and maintain top-notch security training. As digital attacks rise, we need to work together as partners to defend against them.
Reasons to prioritize cybersecurity
Cyberattacks represent serious, material threats to businesses, and digital assets often have value that exceeds the cost of replacing physical assets. Ransomware attacks surged by 1,070 percent from July 2020 to June 2021, and 88 percent of security leaders say phishing attacks have affected their organizations. Additionally, the FBI Internet Crime Report identified phishing as the top digital crime type for victim complaints in 2020, with the number of reports doubling year over year.
While these statistics are eye-opening, the challenge we all face is helping people and organizations see how this personally affects them. Many security training efforts don’t make clear the relevance of cybersecurity to your day-to-day life. But online threats can greatly impact the operations of an organization and the lives of its customers and employees. We need to design and participate in training that makes that clear.
As customers, we also need to pay attention to what companies that have our data are doing to protect it. If you run an organization, any claims of being careful with data security and customer privacy should be reinforced by evidence of that effort. For example, I trust that my bank cares about security because it forces multifactor authentication on me every time I log into the bank’s app or website. If I call the bank, an employee won’t start divulging information until I provide a second method of identifying myself, such as a question that only I can answer.
Controls like these aren’t perfect, but they are visible steps that organizations can take to show that they care about security. While some customers may express annoyance at multifactor authentication, these tools demonstrate that security and privacy are customer service priorities.
Increase security knowledge at all levels
Executive leaders must recognize that a company’s online security is increasingly a reflection of company leadership. Digital security is frequently becoming a topic at shareholder meetings, in the boardroom, and at company all-hands discussions. While it isn’t expected that CEOs should be able to explain how an attacker accomplishes identity theft, they need to provide resources for security initiatives, including strengthening their employees’ security skills.
“If you don’t have buy-in from the top of the organization, and you’re just focused on checking boxes, that’s a little bit different than leading with security and saying everything that we do needs to have a security focus,” says President and CEO Rohana Meade of Synergy Technical LLC, one of our Microsoft partners. “Everyone in the organization absolutely has to be on board with implementing secure solutions.”
https://youtu.be/Yy8FHPw-Lxs
As Meade says, everyone in your organization should be versed in security to a certain extent. Instead of requiring a short annual training session, we should strive to make security training more frequent, engaging, and more likely to lead to ingrained security habits. We’ve tried to do this at Microsoft by breaking our training on security, privacy, and compliance into a series of episodes. The recurring characters in this series make mistakes and decisions you follow like a reality TV show. The stories are so entertaining that our employees who participated in the stories have become internal celebrities, and you can even buy t-shirts with their characters’ faces on them. That tells us the training is being absorbed, which should be the goal of every organization’s training program.
A variety of organizations can provide this type of security training for your employees. Additionally, to address a shortage of security-skilled employees in the tech industry, the Microsoft Partner Network has committed to a skilling campaign in nearly two dozen nations.
If your company is using Microsoft Defender for Office 365, however, you already have access to world-class training that covers the most common real-world security issues we see and how to effectively address them. If an organization leverages a partner to run these training simulations several times a year, it can help employees truly understand security threats and how to identify them.
Learn more about Microsoft Security and our partners
As incidents of ransomware, phishing, and data breaches increase, prioritizing your organization’s security is crucial. We want to help by rolling out stronger threat protection to prevent potential security disruptions. We also support our partners in making sure all employees, not just those directly responsible for online security, stay current Zero Trust principles to minimize risk.
Microsoft regularly hosts security-focused workshops and training events for our partners. Our next Days of the Defender event will be held in person in the U.S. on Aug. 2-3; registration is open now.