We’re all getting net savvy. We’re always on. We wake up and reach for our phones to check for mail, messages and updates. It’s not just millennials – the generation born with the internet as standard – it’s fast becoming all of us regardless of age. We instinctively reach for our pockets or bags when we hear a phone ping.
But we’re still getting conned
Ask employers what is the biggest risk to their organisation’s online security and eight out of 10 will give you the same answer: employees. Whether it’s clicking – even unintentionally – on a malicious link in an email, or being overly casual when using public networks to do some work, employees are prone to inadvertently opening the door to malware. Hackers are getting ever more sophisticated too: some are impersonating senior executives – by hijacking their email – and tricking employees into making fraudulent transactions.
In 2014, 31% of businesses that took part in UK government research said “inadvertent human error” had caused their biggest data breach. Last year, the figure was 50%. The cost of these mistakes can be significant. In 2014, 60% of small businesses experienced a cyber breach and the average cost of the worst breach was between £65,000 and £115,000.
For travel brand Thomson, one employee’s mistake made global headlines. Data containing the name, home address, telephone number and flight information of 458 people were attached in error to an email. The simple lesson? Everyone should take a moment to think twice before attaching documents to an email and hitting send. It sounds so simple but it can be a tough lesson to learn. The habit of how we use the internet – click, click, quick, quick – is deeply ingrained.
Fear not, help is at hand
Technology isn’t going to solve the human side of the cyber security equation any day soon and the hackers aren’t going to stop targeting employees because they know their habits; they know they’re fallible. However, as hard as some of our habits may be to change, change them we must. With the right attitude and training, we can.
Tony Anscombe, Senior Security Evangelist at AVG Business, shares eight simple tips to help your employees become more aware of the risks and improve cyber security:
Think twice before clicking email links or attachments – is the email genuine? There are some simple things to look out for when it comes to spotting email scams. Even if an email looks like it’s coming from a colleague, if there’s something odd about it, double check it came from them using a different means of communication or creating a new email to them.
Think carefully before accessing or sharing company data over public networks. Free WiFi doesn’t mean secure. It’s important to ensure an employee’s device doesn’t connect automatically to free WiFi hotspots while they’re on the move; they should have to confirm the connection.
The best rule is: work kit for work tasks – avoid employees using their own tech in the office. If you have a Bring Your Own Device (BYOD) policy, be specific about which types of devices and applications are acceptable to bring to work or use when working remotely.
Avoid using personal messenger accounts or social channels to communicate with colleagues or clients about work or for sharing confidential data!
Change passwords regularly and make them stronger; ideally, use a random password generator. If two-factor authentication can be used, even better. The more, and harder, steps a hacker has to go through, the better protected your business will be.
Discourage employees from installing anything but essential apps on their work devices. You can do this formally in a policy and support it with training sessions to explain the risks and reasoning.
Protect company tech from theft or accidental loss when it’s taken out of the office, particularly smartphones, laptops or even removable drives/USB sticks. Many devices can be tracked and disabled remotely but far better not to have to resort to that option in the first place.
Report lost or stolen tech or suspicious emails immediately. Have a clear procedure and “hotline” in place, without the threat of punitive recrimination; it will help employees to feel confident and report issues or breaches promptly.
These steps are more about behaviour than technology, so they need to be implemented in a different way. Helping your employees to learn new ways of working and understand what the risks are needs time and training.
Security starts on day one
Most companies take new employees through a basic induction programme on their first day – showing them around, pointing out where the fire exits are, and introducing them to colleagues. Day one induction needs to include basic training in online security. This is about making employees aware from their very first day that prevention is always better than cure and that you take this seriously.
The times are a changin’
There are signs of positive improvement. A survey by PwC found that 72% of large organisations (up from 68% a year ago) and 63% of small businesses (up from 54% a year ago) do in fact provide ongoing security awareness training to their staff.
Turning your employees into a security asset
Each and every employee is potentially a weak link in the cyber security chain, but they don’t have to be. As the saying goes, the best defence is a good offence: continual learning and improvement might not defeat the hackers once and for all – it doesn’t have to – but it will certainly make it an awful lot harder for them to break through and reduce the risk of your business being an easy target.