A few years ago, there was a spate of cybercrime taking place and not in the way that you would expect. In addition to the seemingly traditional methods of email and text phishing, cybercriminals were tactically planting USB flash drives in densely populated areas like car parks, waiting for an unsuspecting person to pick one up and plug it into their work computer.
It was a simple yet effective tactic for hackers, as they could gain a foothold in your business with very little heavy lifting. With the emergence of cloud storage, this tactic is no longer a popular choice, but it does highlight the need to develop a comprehensive security plan for your business, as you never know where an attack may come from.
But whilst you can build an IT security stack to help protect your business, your operations are no doubt mainly run by employees. Your business can only be protected so much by technology – a staggering 95% of cyberattacks are successful due to human error. It is therefore vital that your employees are educated and aware of their responsibilities when it comes to keeping your business secure.
Here are four ways your team can help protect your business from attacks:
Phishing and Social Engineering Awareness
When a user is deceived into giving away information through an attack, that is social engineering. Phishing is a form of social engineering that uses emails or chats to communicate with users to get sensitive information like passwords and credit card details.
Phishing is successful because it disguises itself as coming from a credible source, deceiving users into believing it is communication they can trust. Giveaway signs of phishing include typing errors, links containing random numbers or letters, a strange sense of urgency or a feeling that something is amiss about the information being requested.
Users should be taught that as soon as they feel uneasy or unsure about correspondence, they should never click on a link, download an attachment or share their sensitive information. For this reason, businesses must establish a process through which employees can inform the dedicated person or department about any malicious communications they receive. It is highly likely that if one employee is receiving these types of emails, others are too, so alerting the right person as soon as possible is critical for preventing a phishing scam from entering the network and spreading throughout the company.
Secure Passwords and Network Access
As a foundational step to good security, employees should follow good practices when it comes to passwords they create, especially if the passwords are used to access IT environments within the business. Multiple industries enforce strong password policies as part of their compliance and in general, passwords should be unique to each application and information source. They should be at least 8 characters long, contain letters and special characters, and not include obvious patterns, names or dates. In addition to this, passwords should be updated every 90 days and never written down or shared with other employees. Installing and encouraging the use of a password management system will help your employees in this endeavour.
Monitor Device Security
Whether it is a mobile phone, laptop or tablet, employees may bring their own personal devices to work with them. When a personal device is used within the workplace, employees must understand the potential risks associated with connecting it to the business network. A personal device is exposed to any threat that company devices are susceptible to, and it can also become a vehicle through which viruses enter the network. By monitoring device security, employees know and understand that they should be mindful of the websites they are browsing, items they are installing and links they are clicking on.
Keep Devices Close
It is not only cyber threats that employees need to be mindful of. Physical device security also plays a big role in keeping sensitive information protected. Think about how often you might leave your mobile phone or laptop unattended and open to infiltration. Someone could steal your phone or log in to your computer and steal sensitive information from the connected network – immediately leaving your data at risk.
This is often overlooked, especially as many employees believe the workplace is a safe place. However, with the increase in co-working spaces and working from home, it is important to provide your staff with refresher tips such as:
- Lock your devices when leaving them unattended
- Lock documents with sensitive information using password protection
- Discard information in a secure way and have a retention and destruction policy
At Office Anyplace, we know how important it is for employees to understand the implications of their actions when it comes to cybersecurity. It is why we offer user training as part of our Platinum security package, helping your team understand the risks within cybersecurity and giving them the knowledge to spot suspicious behaviour. Contact us today to find out more.