“Every organization should train their employees on security awareness,” Steve Morgan, founder and editor-in-chief at Cybersecurity Ventures. “And every organization should have a simulated phishing program. This is the process of simulating phishing attacks on employees, regularly, to confirm that the employees are able to recognize the threats and respond to them properly.” Some of the other steps he recommends:
Finally, among the simplest forms of protection is being password-protection savvy. Your anniversary. Your dog’s name. The title of your favorite movie. What do they have in common? When used as passwords, they’re as good as invitations to get hacked. Of course, the more passwords you need, and the more complicated they are, the more likely you are to forget them. That’s where password managers come in. They allow you to create passwords that are complex enough to foil hackers but give you access to a (password-protected, of course) list so you don’t have to remember them.
Read the Keeping Data Covered: Creating a "Breach-free" Climate guide to learn more about proactive breach prevention.