Today, competition is compared in the ability to locate, process, and store data securely. In addition to high-level technical tools, the way to ensure this security is through the knowledge of employees against cyber-attacks, that is, Cyber IQ. So, what can be done to achieve this?
What is Cyber IQ?
The concept of cyber IQ is about the occurrence of data leaks without being exposed to cyber-attacks. Cyber IQ is based on people with access to data having a digital intelligence in data security. In fact, data leaks that occur because people who have access to the data but don't have cyber IQ, can have more dangerous consequences than data leaks caused by cyber-attacks. The survey results of Bitdefender Antivirus, which provides protection services to more than 500 million users in the world, with a thousand IT (Information Technology) experts, is quite interesting. The results in the study include a broad consensus that the most important data leaks are based on employee negligence. It was stated that this negligence caused data leaks during the personal and corporate e-mail usage of the company employees, through messaging applications and due to file sharing services. Again, data research firm Egress conducted a research with more than a thousand IT (Information Technologies) security professionals by Opinion Matters. This research also recorded that company information was often accidentally disclosed as a result of organizational errors, and 83 percent of IT managers were caused by employee data negligence.
How to improve employees' cyber IQ?
It is obvious that it is a great threat for companies and other institutions to work in a position where they do not have access to data on cyber IQ. In this respect, companies and other institutions should prepare training programs on cyber security, and employees should make an encouraging effort to improve their cyber IQ. Of course, in cyber security, it is possible to limit the mobility of its employees so as not to cause data leaks, but this is far from an ultimate solution. For companies and other institutions; it is suggested that they can embody these incentive efforts by using reward channels such as premiums, wages, leave, and social activities.
As to the details of the trainings… Training, which aims to improve the cyber IQ of the employees, should address the concepts of data and cyber security in detail and create awareness about the actions that will cause data leaks in this direction. In this context, we can list some of the processes and trainings that anyone who knows how to use a computer can do and pay attention to as follows:
● Always keep the software of the computer you use updated. It is always your benefit to install updates to operating systems and other software automatically or to check for updates once a week manually.
● Be wary of e-mails containing fake or phishing attacks. Always be sure to know the sender before opening an e-mail. Be conscious while reading the contents of the e-mail. Do they want confidential information, or do they offer you something too good to be true? If so, the mail you're probably reading is a scam.
● Always back up your data. Back up your data as often as you can. The more often you back up, the more secure you and your data will be. Also, never ever rely on a single device when backing up data. And make your backup on multiple devices. Data backups are the best protection method against data-based ransom attacks against companies.
● Be alert to social engineering attacks. Employees need to be awake against social engineering attacks based on leakage of information from within the company, by sneaking into an organization as an employee, making friends with employees, gathering information by appearing as if they are looking for from a technical service or support institution, being friendly with the target person, making themselves look like a girl when they are not. The only thing that can be done for social engineering, which is one of the oldest and most valid hacking methods known, is to always trust only those who are known / recognized.
Increased cyber IQ for everyone's benefit
It is possible to develop Cyber IQ through trainings. It is very beneficial for companies and other institutions to focus on this issue, and this benefit is very important not only for employees but also for all citizens. As a matter of fact, the occurrence of data leaks may lead to a situation that may create legal responsibilities besides causing loss of interest of companies and other institutions. Violated data may also belong to citizens, as it will surpass institutions and employees. Consequently, companies and other institutions seem to be the most reasonable for both themselves and the citizens, rather than taking a risk that will lead to legal problems beyond financial losses.