10 Ways to Ensure an Employee Stays Cyber Security Aware
23 June 2021
We all hear a lot about Cyber Security and its importance in the workplace, it has become more important than ever educate and train end users on cyber security best practice in the work place and when working from home.
We have listed 10 key points that every business should look out for.
Digital threats are becoming more sophisticated and educating your workforce on cyber security practices is the most effective way of preventing any security breaches.
With home working increasing during 2020 and in to 2021, these remote working environments came with huge challenges with risks from phishing, malware and data storage and the possibilities of a breach.
With all the above in mind, we feel our 10 key points are the most important to look out for. Human error is the cause of 95% of cyber security breaches and with simple training protocols in place this number can be dramatically reduced. Recent estimates suggest that only half of all employees receive training once a year and the importance of creating a ‘Human Firewall’ is more relevant than its ever been.
In the last year we have seen a huge increase in phishing attacks. There was the huge amount of pandemic related phishing emails. Google’s Threat Analysis Group reported in mid-April that they blocked 18 million COVID-19 themed malware and phishing emails per day.
Phishing attacks are still the most common cause of cyber-security breaches. Current figures clearly reflect the need for awareness of phishing attacks, research suggests 91% of successful cyber attacks are the result of a phishing scam.
Although companies are increasingly aware of phishing, it is still a growing threat in 2021, in part due to lack of awareness on the employee level. By driving security training as part of the company's philosophy through recurrent security awareness training this number can be dramatically reduced over time.
By training your end users to recognise potentially harmful emails and reporting suspicious ones, this threat can be dramatically reduced. By offering cybersecurity training courses, employee awareness of such attacks can be dramatically improved with consistent training. Simulated phishing attacks can demonstrate the potential risk to your company from such attacks.
Another security awareness topic that is used daily by companies is removable media. Removable media is the portable storage medium that allows users to copy data to the device and then remove it from the device to another and vice versa. USB devices containing malware can be left for end users to find when they plug this into their device.
As well as understanding the risks your employees need to know how to use these devices safely and responsibly in your business. There are numerous reasons a company would decide to use removable media in their environment. However, with all technologies, there will always be potential risks. As well as the devices themselves, it is important your employees are protecting the data on these devices. Whether it is personal or corporate, all data has some form of value.
A few examples of removable media you and your employees might use in the workplace are:
- USB sticks
- SD cards
This security awareness topic should be included in your training and cover examples of removable media, why it's used in businesses, as well as how your employees can prevent the risks such as lost or stolen removable devices, malware infections and copyright infringement.
Passwords and Authentication
This sounds obvious but it is an often-overlooked element that can help your company's security is password security. Often commonly used passwords will be guessed by malicious actors in the hope of gaining access to your accounts. Using simple passwords or having recognisable password patterns for employees can make it simple for cyber-criminals to access a large range of accounts. Once this information is stolen it can be made public or sold for profit on the deep web.
Implementing randomised passwords can make it much more difficult for malicious actors to gain access to a range of accounts. Other steps, such as two-factor authentication, provide extra layers of security which protect the integrity of the account.
Clean Desk Policy
We have all seen it when people leave their passwords on a sticky notes on their desk or in a book in an unlocked desk cabinet. Though many attacks are likely to happen through digital mediums, keeping sensitive physical documents secured is vital to the integrity of your company's security system.
Simple awareness of the risks of leaving documents, unattended computers and passwords around the office space or home can reduce the security risk. By implementing a clean-desk policy, the threat of unattended documents being stolen or copied can be significantly reduced.
IT technologies like mobile phones, tablets, laptops, Chrome Books etc has improved the ability for flexible working environments, and along with it more sophisticated security attacks. With many people now having the option to work using mobile devices, this increased connectivity has come with the risk of security breaches. For smaller companies this can be an effective way of saving budget, however, user-device accountability is an increasingly relevant aspect of training in 2021, especially for travelling or remote workers. The advent of malicious mobile apps has increased the risk of mobile phones containing malware which could potentially lead to a security breach.
Best practice online courses for mobile device workers can help educate employees to avoid risks, without high-cost security protocols. Mobile devices should always have sensitive information password protected, encrypted or with biometric authentication in the event of the device being lost or stolen. The safe use of personal devices is necessary training for any employees who work on their own devices.
Best community practice is making sure workers should have to sign a mobile security policy.
The obvious need for remote working, combined with the increasing uptake, led to many companies taking drastic steps towards part time to full time working from home policies. Remote working can be positive for companies and employees promoting increased productivity and greater work-life balance. This does however pose an increased threat to security breaches when not safely educated on the risks of remote working. Personal devices that are used for work purposes should remain locked when unattended and have anti-virus software installed. If a company wants to offer this incentive, they should focus on educating remote employees of safe working practices.
It is likely that the home working trend will continue. Though we hope to see offices reopening and a return to normal working life, companies have increasingly hired remote workers, and those who have adapted to this lifestyle may prefer to work this way. The need to train employees to understand and manage their own cybersecurity is apparent. As we've seen there is an increasing threat landscape targeting these individuals. Ensuring they keep security top of mind is a key theme of 2021.
Some employees who need to work remotely, travelling on trains and working on the move may need extra training in understanding how to safely use public Wi-Fi services. Fake public Wi-Fi networks, often posing in coffee shops as free Wi-Fi, can leave end users vulnerable to entering information into non-secure public servers.
Educating your users on the safe use of public Wi-Fi and the common signs to spot a potential scam will increase the company’s awareness and minimise risk.
We all share large parts of our lives on social media, from holidays to events and work. But oversharing can lead to sensitive information being available, making it easy for a malicious actor to pose as a trusted source.
Educating employees on protecting the privacy settings of their social media accounts and preventing the spread of public information of your company will reduce the risk of the potential leverage that hackers can gain from this access to your personal network.
Internet and Emails
Some employees may have already been exposed to data-breaches, by using simple or repeat emails for multiple accounts. One study found that 59% of end users use the same password for every account. This means that if one account is compromised, a hacker can use this password on work and social media accounts to gain access to all of the user's information on these accounts.
Often websites offer free software infected with malware, downloaded applications from trusted sources only is the best way to protect your computer from installing any malicious software. Educating employees on safe internet habits should be a key part of any IT induction, though some may see this training as obvious, it is a key part of the safety of any security programme.
Many large websites have had large data breaches in recent years, if your information has been entered into these sites, it could have been made public and expose your private information.
Security at Home
The threat of malicious actors does not stop when you leave the workplace. Many companies allow their employees to use their personal devices, which is a great cost-saving method and allows flexible working, however there are risks associated with this. Unwittingly malware downloaded applications on personal devices can risk the integrity of the company's network if, for example, log-in details are compromised.
Additionally, The growing network of digital resources available to workers and companies has increased connectivity and productivity. However, these applications also pose a risk to the user, a study by Propeller found that phishing campaigns targeted to dropbox had a 13.6% click-through rate. Increasing employee knowledge, sharing encrypted files and authenticating downloads will reduce the risk.
A Plus Security offer a vast range of IT Security Support Solutions, which can help your business maximise performance. To get in contact with us to see how we can help you call 01702 293157 or contact us here.