The underground cybercrime market keeps flourishing as new technologies emerge and the traditional workplace evolves. Last year’s cyber attack statistics revealed that cybercrimes now cost the global economy about 1 trillion USD. Even more surprising is that human error is to blame for around 90% of all data breaches. And yet, people remain the most neglected tier of the PPT (people, processes, and technology) framework for cybersecurity.
You can have the best over-the-counter security products like next-generation firewalls and the latest anti-virus programs but cybercriminals just need to exploit one naive employee to hack into your network. Given the high cost of cyberattacks, which is as high as 2.35 million USD for small businesses, it’s high time that business owners start focusing on their weakest link – the employees. And it all begins with education and security awareness training.
Not sure how your employees can prevent advanced cyber attacks? Here’s how:
1. By Not Responding to Phishing Emails
Getting senior interns onboard is all fun and games until they click on the fake discount link. In all honesty, it’s not just the senior citizens who fall for phishing scams. Evolved phishing tactics like CEO fraud can trick the best of us. Naturally, when the CEO asks someone to attend to an urgent task, they rush to oblige when they should actually:
- Double-check the sender’s address to ensure that it’s not using trick-spelling to spoof the company’s domain.
- Verify data/financial requests or major procedural changes in-person or through a phone call.
- Avoid clicking on attachments or links from unknown senders
Simple as they seem, encouraging your employees to mind these precautions can save your bottom line and reputation.
2. By Not Connecting to Unsecured, Public Wi-Fi
The constant buzz at a local cafe is far less distracting than the toddler tantrums back home. But connecting to a password-free, public Wi-Fi makes your employees susceptible to man-in-the-middle attacks. Instead, employees should:
- Use cellular data to check emails and work apps on the go.
- Use a VPN to connect to the company’s internal network when working remotely.
- Activate the firewall and install anti-virus on all personal and work-related devices.
Most importantly, employees can keep many cyberattacks at bay simply by adhering to their company’s remote work policy, which most likely discourages working from public places anyway.
3. By Following The Strong Password Policy
Do your employees use the same, six-year-old password for all personal and work applications? You need to know whose side they’re on because hackers need only crack that one password to enter your network. You need to enforce a strong password policy so that your employees have to:
- Use different passwords, all meeting the complexity requirements, for different apps.
- Change their passwords periodically.
- Use a new password whenever they have to change their password.
It’s all for naught if they’re keeping a track of all these passwords on a sticky note on their desktop. A good password manager can help them follow your password guidelines without being overwhelmed.
4. By Controlling their Social Media Footprint
If your employees are unaware of the reasons behind your password policy, don’t be surprised if their Instagram password is their pet name combined with their birthday and their account has pictures of the office ID card. One of the biggest cybersecurity favors your employees can do you is to use social media mindfully. They should:
- Choose security questions that can’t easily be traced to their social media.
- Avoid sharing pictures of their office ID and their in-office and at-home workspaces.
- Avoid befriending unknown people on social media and use privacy settings.
By not putting too much information on their social media, employees can save themselves and their peers from highly-targeted spear-phishing attacks.
5. By Following your Acceptable Use Policy
BYOD (Bring Your Own Device) and WFH (Work from Home) trends raise many security challenges for security teams. But most importantly, they remove the lines between personal and work devices. The same device that connects to the office network in the morning shouldn’t be used for P2P downloads in the evening.
- Follow the internet usage policy by not playing games or surfing idly on the web while connected to the office network.
- Don’t disable security controls like firewalls and anti-malware programs on work devices.
- Don’t share work devices with friends and family.
- Never leave a logged-in device unattended, especially at a public place.
Having an easily understandable acceptable use policy, including remote work policy and internet/computer usage policy, and explaining the security reasons behind them can show your employees how they can play their role in keeping the company safe from cyber attacks.
However, as a business owner, you will have to keep your expectations in check and make peace with the fact that security incidents can happen despite your and your employees’ best efforts. Rapid detection through continuous monitoring, coupled with a proactive incident response plan, can mitigate the consequences. Just keep reiterating the importance of staying vigilant, using technology responsibly, and reporting suspicious activities to the relevant people right away.