Like it or not, these days employees pose the biggest cyber threat to businesses. Today’s remote working culture means that staff are constantly exposing their employer to threats through multiple devices, channels and networks.
Cyber security must be a collective effort and, as such, employees must be educated sufficiently on best practice. Here are my three top tips to ensure that employees are aware of how to best maintain their company’s cyber security:
Having a strong password seems obvious, doesn’t it? But you wouldn’t believe how many employees are still failing to implement this most basic of IT security protocols. A recent ranking showed that ‘password’, ‘qwerty’ and ‘123456’ were among the most commonly used passwords last year. The fact is, even if a password seems cryptic to the individual, unless it’s a random combination of characters it’s almost definitely nowhere near strong enough. Thousands of bots are working around the clock to crack passwords, so if a password consists of a name, noun, or any word in the dictionary, it’s only a matter of time before it will be guessed.
Most people know that passwords should be different for every account, but this is easier said than done. To help ease the memory burden, password managers are available and should be made compulsory for every member of staff. A tool like this will store and encrypt each user’s passwords in one place, and only one password needs to be remembered to access them. The tool will also identify weak passwords, generate more complex substitutes and prompt employees to change them on a regular basis.
Keep up to date
Most savvy businesses will have invested in antivirus software to protect their office IT systems, but few know how disciplined their staff are at updating software on their various devices. Cyber criminals are constantly working to find loopholes and subvert security systems, so it’s important you stay one step ahead. Updates are there to patch vulnerabilities and security flaws, so it’s crucial to make sure employees install them when prompted. And this doesn’t just apply to desktop computers within the office. If employees are working remotely, using mobiles and tablets, these devices need to be secured too. A simple iPhone update can add an extra layer of security and prevent sensitive business data being hacked.
Secure your email channels
Believe it or not, the most commonly used communication channel in business is arguably the most insecure. Phishing scams are rife, and opening a dodgy link or attachment in an email can take down your business at the click of a button. Educating staff on how to identify scam emails will certainly help to negate this threat, although some phishing attacks are almost impossible to spot. If your business domain is unprotected, for example, there is nothing stopping a cyber criminal sending emails on your behalf to unsuspecting colleagues. Despite this fact, recent research by Cyber Security Partners reveals that 97% of FTSE 250 companies are leaving themselves exposed to phishing attacks this way. Fortunately, there is technology available that can help. DMARC is free, simple to implement and enables businesses to quarantine any emails that aren’t legitimate. It’s also worth making sure your staff know never to send sensitive information over email unless it is encrypted.
Whilst your workforce may be your biggest threat, it is also your greatest asset when it comes to online security. Cyber security starts at the grassroots level and a few simple measures taken by every employee will go a long way in securing your business. Prevention is always better than cure, so start building your human firewall today.
By Chris Underhill, chief technical officer at Cyber Security Partners