6 Things Your Workforce Can Do to Support Your Company’s Security

 

The biggest cyber security threat that businesses face is significantly closer than you think. In fact, it’s internal. As we said earlier this year, Verizon’s 2022 Data Breach Investigations Report found human error to be a key driver in 82% of breaches. This is why it’s crucial for businesses to address cyber security training in the workplace, so that employees are equipped with the right guidance and resources to help minimize the risk to the organization.

When it comes to cyber security, it can be difficult to know where to start. Well, it’s best to focus initial efforts on simple but effective best practices. Here are 6 behaviors to encourage among your colleagues.

 

Be an Email Sceptic

According to Cisco’s 2021 Cyber Threat Trends Report, phishing is responsible for 90% of attacks. Social engineering tactics are designed to fool humans, so if we consider that human error is the number one cause of cyber incidents, it makes sense that methods like phishing are among the most popular for hackers. It’s therefore vital that business employees are wary of emails coming into their inbox and always err on the side of caution.

Advice for your employees:

If you receive an email asking you to click on a link, always check the spelling of the URL and the sender’s email to see if it’s genuine. It can also be wise to consider the language style of the email. If it has a tone of urgency or contains a lot of grammatical errors, you should be very hesitant about opening any links and attachments. If you suspect a phishing email, report it to the security team.

 

Use MFA

Using Multi-Factor Authentication (MFA) adds an additional layer of security, making it harder for an attacker to gain access. There have been cases where simply using MFA would have prevented an entire data breach. Companies should aim to standardize MFA across company platforms and accounts.

Advice for your employees:

MFA may seem like an inconvenience, but that extra step in the login process can make the difference in protecting your identity. You may have noticed that many public providers, such as Gmail, have implemented MFA on their service for most of their subscribers. You should use MFA wherever you can. It is also important to note that your MFA codes should never be shared with anyone, as attackers may use social engineering techniques to trick you into sharing an MFA code so that they can impersonate you.

 

Update Applications When Prompted

Outdated software is another attractive target for attackers. A patch management program is part of a mature security practice, and it should include all assets within the organization. The patching schedule should be planned in advance, and it should also allow for out-of-cycle patching when urgent patches are released.

Advice for your employees:

Cybercriminals often take advantage of out-of-date software, so update reminders shouldn’t be ignored. As an organization, it is important for us to periodically update the software and hardware that keeps the business running.  This may create a slight inconvenience, but it is necessary to keep the business safe.

Patching is also important for your personal protection.  For example, a recent flaw in the Apple operating system could allow an attacker to take full control of your smartphone.  The only way to prevent this exploit is to update your smartphone with the recommended patch.  These updates include critical security patches designed to address vulnerabilities that may otherwise be exploited.

 

Beware of Public Wi-Fi

With the rise of remote working over the last couple of years, we’ve had to pay special attention to certain threats and introduce new security measures and best practices. The organization should have a tightly controlled Wi-Fi system, with a guest network for those who do not need to access company resources. Personally owned devices should be segmented from the corporate network, unless the device has met the organization’s security standards.

Advice for your employees:

If you’re working outside the office, you should be wary of the Wi-Fi networks you connect to. Free public networks are usually not particularly secure, since they don’t require any authentication to establish a connection. This means that malicious actors have the ability to intercept the data you’re putting out onto the internet, like emails, payment information, or credentials. These unprotected networks can also be used to distribute malware, compromising any connected unsecured devices.

If you’re working away from your company network, it’s best practice to use a Virtual Private Network (VPN) which will establish a secure, encrypted connection between your device and the internet.

 

Avoid Using Company Devices for Personal Use

Unless your company is a media-based enterprise, social network use should be limited, if not entirely prohibited.  Your marketing and communications department may need access to social platforms to conduct business, and they can be protected by using network segmentation, as well as other administrative protective mechanisms.

Advice for your employees:

Allowing crossover between work and personal use on company devices is poor practice when it comes to security. The websites and applications you use in your personal time may not meet the standards set for the organization, which can put the company at risk if you’re on the company network. Therefore, it’s best to keep any online browsing and social media activity to your own devices, using cellular data or the guest network.

Similarly, while social media might seem entirely separate from your working life, the information you disclose on these networking sites can be used by criminals in various ways which may indirectly affect you, as well as your company. For example, if you’re using the same credentials in multiple places, those other accounts can be compromised, giving bad actors access to corporate data.

 

Always Lock Screens

Screen locks are a simple way to prevent unauthorized use and potential privacy violations. Automated lockout times should be approved by senior management within the organization.

Advice for your employees:

Cyber security isn’t all about online behaviors. Whether in the office or at home, it’s always advisable to lock your computer screen whenever you leave it unattended, to prevent any unauthorized personnel from accessing your account and to protect any confidential information.

 

Cyber security may seem like a job for the company’s IT team, but every employee can contribute to an organization’s security posture. Employees, take the time to speak to your IT team and find out what more you could know, and what actions you can take to keep your company, as well as your personal information, secure. Managers, take the time to prioritize cyber security training.

For more information on cyber security training, contact Tigunia today.
