Risk Performance Strategist
February 2017


49% Of Businesses Victim of Cyber Attacks in 2016



Nearly half of businesses report that they were the subject of a cyber-ransom campaign in 2016, according to Radware's Global Application and Network Security Report 2016-2017.



Cyber Security Training


Technology may be one aspect of cyber security, but the real challenge is managing the human element of an organization. Employees are the first line of defense, as well as your greatest cyber security weakness. Nearly 80% of risk management professionals identify insider threats as their greatest cyber risk concern. An analysis of 1200 data breaches within the U.S. Government found that 95% of the breaches could be traced to human error. Despite this fact, security awareness training is still ignored by many organizations. A common thread cyber experts agree upon is that poor training and unaware employees lie at the root of many, if not most, security breaches.

Today there are more threats, more vulnerabilities, more portable storage devices, and increased mobility. What employees don't know about cyber security could hurt your organization. To obtain a broad understanding, and buy-in from the entire organization, cyber security training must be conducted on a regular basis. All employees need to understand that cyber threats do exist and they can dramatically impact the organization.


It is important to provide employees with knowledge of the policies and practices your organization has put into place, including their responsibilities to secure the organization's important digital assets.


The following identifies certain recommendations and best practice topics for cyber training:


  • Train employees to be wary of unusual requests, even ones that do not concern accounts and passwords.
  • Cyber training should be conducted at least once a year. In the United States, the month of October is recognized as National Cyber Security Awareness Month.
  • All members of the organization, including senior management, need cyber security training so they are knowledgeable about recent trends, monitoring methods, and controls used to prevent the installation of malicious code on the organization's computer systems.
  • Vulnerabilities in an organization’s business processes are just as important to cyber security as technical (IT) vulnerabilities. All departments should conduct training that relates to cyber threats in their area of responsibility.
  • It is extremely important that training sessions identify the organization's procedures that are used for recognizing viruses and other malicious code.
  • When your organization collects client or customer data, it is extremely important that members are provided training on the methods and processes used to protect this information.
  • Employees should obtain training within 30 days of employment and prior to their access to sensitive and/or classified information and data.
  • Organizations must notify their employees that they are monitoring system activity, especially system administration and privileged user activity.
  • Employees should receive training in their personal security responsibilities, such as protecting their own passwords and work products.
  • Communicate IT acceptable-use policies at least yearly and obtain acknowledgment of the acceptable-use policy and rules of behavior from all employees.

You are welcome to forward this newsletter to others who may be interested.

Thank you.


SmartRisk is a leading risk and practice management consultancy for design and construction professionals. Through firm-specific risk assessments, training and consulting, services focus on improving overall performance, profitability and reducing insurance costs through tailored risk management solutions.

If you have any questions about our services, or would like to discuss how we could assist your efforts, please contact us.

Thank you,

Timothy J. Corbett, BSRM, MSM, LEED GA
Founder & President

Copyright and Information Only. This newsletter is for information purposes only and should not be construed nor relied upon as guidance, regulatory or legal advice. Readers should consult with appropriate counsel regarding their specific situations and circumstances. SmartRisk shall not be liable for any errors in content, or for any actions taken in reliance thereon.


T: 626-665-8150