Another Data Breach Linked to Employee Behavior
Anthem Inc. (a large health insurer) recently disclosed that cyber attackers executed a sophisticated attack to gain unauthorized access to Anthem’s IT systems. As many as 80 million records may have been stolen and the cost of the repair is currently unknown. Due to the size of the breach, they “are unable to quantify the ultimate magnitude of such expenses at this time, they may be significant”1. Subsequently, Anthem believes the attackers were able to penetrate the network when phishing emails were went to employees.
Humans are still the weakest link in your layered IT defense. Just as you should be regularly testing IT controls, you should include IT security awareness training.
Remind your employees to:
- Never share passwords
- Lock their screens when they walk away
- Never click on links from unknown sources
- Never insert an unknown USB or thumbdrive into their computer
Your IT team can only help to reduce the risk of so many threats; end users must do their part. Consider evaluating your company’s security awareness level through survey or phishing exercise.
1 – Anthem SEC form 10-K, for the year ended December 31, 2014.