Cyber threats to our business are usually blamed to outsiders but they are inside threats originating from ignorance and negligence of employees which opens the door for cybercriminals.
The attack comes where the organization is most susceptible i.e. employees. One may have the best systems to protect their business with best cyber security, the truth lies in providing cyber security training to employees.
According to IBM’s “Cyber Security Intelligence Index” 95% of all security incidents involves human error. Hence ongoing security awareness training is crucial.
Tips for Businesses and their employees:
Do not ignore updates
The operating system and your antivirus software should be updated regularly/every time they are available. Do not forget your phone/mobile devices as well if you use them for work. There are updates released to make the security robust or avoid malicious software from capturing your systems and data. You can set your anti-virus to run full in-depth scans at a certain time of day, such as when you finish work. So, take the time to show them.
Choose strong passwords, change them regularly.
Even the most advance antivirus software cannot do much if your password is “pasword123”, or if it is on a “post-it” left on your screen, or if it is your pet name, about which you have already posted on social media. Passwords should be at least 12 characters long with symbols and numbers.
Keep sensitive data to the minimum on your device/workstation.
Make sure that one keeps only data that one needs now or use on a regular basis synced on their work device. All data not in use should be backed up and deleted from workstations to minimize the impact of any breaches and protect client data and privacy.
Always consider the recommendation of destroying your outdated electronic devices using a certified e-waste recycling partner. It assures you that the information is cleaned out with the device. Please remember deleting your info and tossing the old one out is not an awesome idea as hackers can still access the information if they are able to obtain the device. The crux is Do not Delete, Destroy.
Do not leave your devices unattended.
You should keep a lock to avoid any third-party access to your valuable data. Even if you are busy with some other activity.
Always verify independently.
Always type your bank’s URL in the browser yourself (or any other online service you use, such as your accounting software, or government agency such as IRD), and never follow email or website links to access these services. Always look up the contact details online and never use the contact details in the signature if you must verify the sender.
Many online sites that carry different types of information often use two-step authentication during login session. While it may seem inconvenient to have to wait for a code to be text or emailed to access information, it is a lot easier to do than dealing with the identity theft.
Sharing Is not Always Caring
Social Media is a great way to keep up with friends and family, it is also a great way for hackers to find out information about you to help them authenticate your identity. If one has an active online presence, that is great, but just be aware of what you are sharing and with whom. Just because you mark your profile as private, does not mean people do not have ways to access the information you share there.
Be careful where you click
Do not fall for phishing scams that often have you re-enter credentials to log in to certain sites or redirect you to pages to complete forms with personal information. Check out the tips to recognize phishing scams. A user should check the URL as well look for HTTPS. HTTPS sites deem as secured one. Try to avoid giving information on insecure sites.
If you are accepting online payments then, you should worry about online security of your customers hence, SSL certificate is an ideal solution for web security. If you are searching for a low-cost SSL certificate then, Comodo Positive SSL is a nice choice for your site. For small blog or website, this certificate is best.
Establish cyber security rules for your employees and make them aware of the important role they play in security
Each company requires a security policy whether it is a small or big company. Ensure employees know the policy and are adequately trained to do what it asks – for example, if you require a BIOS (Basic Input output system) password, ensure your employees have enough knowledge to set it up. By teaching employee’s good security practices, you will help change their behavior and motivate them to adhere to the policies. Make sure your employees learn the security policy and you enforce the rules.
An effective IT security policy considers the organization’s mission, the possible threats, the critical assets that need protection, and the risks against known vulnerabilities. Your IT policy is the document you will use to develop your company’s procedures and guidelines. Looked at another way, the policy states what needs to be done, and the procedures and guidelines state how.
Perform regular internal security audits and plan for improvements
Technology changes so rapidly that associated security policies must be reviewed much more often than other business processes. New software vulnerabilities are discovered daily, so it is important to be proactive rather than reactive. Regular security audits, at the very least on an annual basis, will help us measure the organization’s current security policy and operations against potential threats.
Last but not the least, staying alert and vigilant is key to staying safe online in an increasingly unsafe environment. Do not be shy, if in doubt, ask.
If an employee comes to you with questions, answer them. It can really help to keep your data security and your employees happy. Best of all, they will continue to learn more about security the more questions they ask, and so their knowledge of cyber security will only improve in time. After all, it is better to ask a question about an unusual update pending than simply accept it and allow a hacker into the system!
As our business begins the journey to enhance its cyber security measures , it all starts with educating our employees The tips above with some basic common sense can go a long way in making sure sensitive information does not fall into the wrong hands.
After all, Education and technology is a winning cyber security combination.