A link in a chain breaks as it's pulled apart, symbolizing a breach
Preventing security threats involves constant training at every level of your business

It is easy to picture cybercrime like a scene from a movie: a hacker sitting alone in a dark room, typing away at a computer, trying to break through firewalls and steal sensitive information. But the reality is, cybercriminals are far more sophisticated than what is commonly portrayed in film and television. They use measured tactics to take advantage of seemingly innocent acts to achieve their goals.

According to a recent IBM report, 83% of companies can expect a data breach this year. It’s not if a data breach will happen, but when.

The Real Costs of Cybersecurity

The average cost of a ransomware attack in the United States was $9.44 million in 2022. However, the true costs associated with a data breach are ongoing. A breach of sensitive data can lead to loss of trust, which can lead to loss of current clients as well as a reputational hit that may turn potential customers away.


The time and financial investment necessary to recover from the public relations nightmare a cyberbreach can cause can lead to millions more in lost business. That is why it’s important to put processes in place to ensure your company is set up to recognize cyberattacks when they inevitably take place.

The Importance of Cybersecurity Training

Technology is important to cybersecurity. Technical controls can do a lot to maintain the security of sensitive data. But no amount of technology can account for human error. Ninety percent of all data breaches and ransomware attacks are the result of someone inside the company clicking on the wrong link or downloading an infected file. That is why proper training is essential. Regular and repetitive cybersecurity training for every member of your company is one of the most effective measures for reducing the likelihood of successful cyberattacks against your organization. From the CEO to the newest hire, training your people to recognize the signs of phishing attacks and other scams can help to ensure that your sensitive data stays secure.

Cybersecurity training sessions should be scheduled at least every 60 to 90 days. Why? That’s how quickly cybercriminals are inventing new ways of breaching security. These criminals are pouring thousands of hours and millions of dollars each year into developing, testing and perfecting their attack methods. Ensuring your staff is up to date on the latest methods is the best way to prevent your company from becoming their next victim.

Proper training also includes post-breach protocols. Knowing how to prevent a data breach is important but knowing what to do if one occurs is critical. A quick, measured response is key to getting back up and running faster and more completely. Having a documented, companywide plan that is understood and agreed upon is essential to getting back on track when a cyberbreach occurs.

Clear Signs of Phishing

It is important that the people in your company remain alert and skeptical when opening emails. Inspecting URLs to ensure there are no added characters (i.e., gooogle.com vs. google.com), asking the sender for clarification before opening unexpected attachments, and carefully reading each email for unusual spelling errors or grammar are three important aspects of remaining aware.

With so many emails being sent back and forth within a company, it can be easy to miss signs such as these. Hiring an independent consultant to conduct simulated phishing attacks throughout the year, without warning, is an effective means of testing who is paying attention and who is not.

Cybersecurity is Not Up for Review

Being alert to cybersecurity concerns and implementing the tactics learned in cybersecurity training should be a factor in job performance. A single slip-up from one employee can cost millions of dollars. If you are performing regular simulated phishing attacks, failure to recognize these attacks for what they are should impact an employee’s performance review.

Cybercrime is Not a Trend

Cybercrime is a growth industry — and it’s here to stay. As more and more sensitive data is collected online, cybercriminals will continue to invest time and money into new ways to breach security protocols. It is crucial that your company keep up its defenses. Consistent security awareness training and testing are paramount to fending off cyberattacks.

Nathaniel C. Gravel is a cybersecurity expert and consultant with Gray, Gray & Gray LLP, a consulting, accounting and business advisory firm based in Canton, Massachusetts. He can be reached at ngravel@gggllp.com.


LPG Fuels New Opportunities for Open-Air Living