If your business handles personally identifiable information, public health information, and/or payment card industry data, your most important job is safeguarding that. Above anything else, that’s what you’ll be remembered for should there be a significant breach.

“Those are the crown jewels of an organization, their customers’ information,” said Jeff Lanza, who retired after 20 years as an FBI special agent and provides talks on cybersecurity and identity for organizations nationwide. “If you’re not doing everything you can to protect that, you’re failing at job No. 1.”

GONE PHISHING

Most breaches stem from an employee doing something they shouldn’t, wittingly or unwittingly. Most of the time, they mean no harm, being taken in by a phishing email and clicking without thinking. Before they know it, they let malware inside the company’s network.

Criminals will either hack into someone higher up in the organization’s email or spoof their address, pretending to be them but with slight alterations in the domain name. If you don’t look closely, you might not notice it’s a fake until it’s too late.

“The hackers are trying to make you use emotion to make decisions rather than common sense,” Lanza said, “because when you make emotional decisions, a common theme is you can’t assess risk and you’re not taking steps necessary to prevent what may be a problem.”