
What your employees can do to reduce cybersecurity risk

No longer just the responsibility of the IT department, cybersecurity is something that all employees have a vital role in. From making smarter decisions in the workplace to understanding how to spot common attacks, employees can do much to combat cybercrime in all of its forms. Here we take a look at the things that your employees can do to help keep your business secure.

Install regular software updates

It is unfortunately the case that many employees leave their computer turned on at all times – even when they’re out of the office. The convenience of having all windows and browser tabs open when they return to work is offset by one major cybersecurity weakness – computers with out-of-date operating systems and applications.

When an employee does not regularly turn off a computer it can leave the system without critical updates that are only installed when it is shut down. These updates fix vulnerabilities and weaknesses that could be exploited by cybercriminals. This is why it is vital that employees shut down their computers regularly.

Understand the dangers of phishing attacks

Phishing is still a major problem. We have all seen a phishing email; sent from a fake account and designed to look like a legitimate sender. The email will attempt to trick you into clicking a link and being sent to a duplicate version of a genuine site, with the exception that when you enter your login details, these will be harvested by criminals.

You might think you know how to spot a phishing scam – but phishing is becoming more sophisticated in 2020. A rise in deepfake voice phishing could see employees tricked into sending money to scammers or revealing sensitive information after getting voice messages and calls that sound like they are from senior executives.

It is important to understand these risks in order to be able to combat them.

Broaden their cybersecurity awareness

It is important for your employees to stay up to date with the latest tactics and techniques being used by cybercriminals. Providing employees with regularly updated training can be hugely valuable in boosting their knowledge and understanding. Employees with good cybersecurity skills and knowledge make a valuable line of defence against cybercrime.

One way that you can assess the cyber maturity of your employees is by engaging a cyber security company to carry out a pentest of the organisation. For example, this could take the form of a simulated phishing attack to see if any of your employees give out their log-in credentials.

Work closely with the IT department

It is important that employees should avoid any instances of “shadow IT”. Shadow IT is the term for any application or software that is installed on an employee’s computer without the knowledge and consent of the IT team.

Going through the process of having a piece of software signed off and approved can be frustrating and time consuming, but failing to do so can lead an employee to download software containing a vulnerability which can be exploited by hackers, or which isn’t updated in the future by the IT team when known issues are identified in the software.

Be willing to invest in enhanced security tools like privileged access management, so system users are provided with different levels of access. This ensures greater control and, therefore, security.

Set strong passwords

Experts disagree as to whether employees should change their passwords on a regular basis. On one hand, changing passwords can be an important way to limit the risk of stolen passwords being used to access accounts. But on the other hand, employees being forced to remember too many different passwords will often result in them instead using unsafe workarounds.

It can be agreed, however, that the use of weak and commonly-used passwords is to be avoided. According to cybersecurity specialists, businesses can prevent staff from setting common passwords by enforcing rules and complexity such as the use of special characters.


Follow good cybersecurity practice away from the office

If an employee works from home or remotely, it is important that they follow good cybersecurity practice when they do so. Any time that an employee accesses company data they should do so in an environment that is as secure as the environment in their workplace. Their remote computer should have cybersecurity measures just as powerful as those in the office – otherwise they are making themselves an easy target. For example, using public Wi-Fi is a major security concern.

Back up data regularly

Ransomware is still a problem, and losing access to business-critical data can be a major problem for any company. That is why it is vital that employees should use their company’s corporate network where possible as this is likely to be backed up regularly by the IT team. However, if staff do store data locally then they need to back up their data on a regular basis – ensuring that it is saved somewhere that would not be compromised in the event of a criminal attack.

Final thoughts

It is important that employees understand cybersecurity best practice so that they can act in accordance with it. Informed staff can be a powerful line of defense against cybercriminals.

Across The Memory Board – How To Educate Our Employees On The Best IT Practices


Cybersecurity is one of those overriding concerns in modern business. As there are more data breaches making headlines affecting a wide variety of companies, it seems that nobody is exempt from cyber terrorism or crime relating to technology. This means it’s crucial for you to look at your vulnerabilities. While you can set up various types of systems to protect your company, one of the most vulnerable areas of your business isn’t a technical one, it is a human one. Your employees are prone to human error. And we’ve got to make sure that we train our employees to understand the best practices of IT. What sort of tactics and practices can help you in this situation?

Investing In Employee Training

From a technical perspective, we can outsource components to a network services company or IT specialist, so they have the responsibility, but when we look at our in-house components, it’s crucial for employees to grasp cybersecurity as a maintenance issue rather than something that they learn once in a blue moon. We’ve got to remember that cyber terrorism is a constantly evolving entity, which means that we’ve got to upregulate our systems and our approach to protecting the company. While we can invest in components like software patches and outsourcing technical duties to another company, we still have to invest in the people that we see each and every day. We have got to commit to a wide variety of tactics, so our teams know what is out there and what they can do to combat it. Partly we have to invest in training, but we’ve also got to change our mindset. It’s so easy to blame the employee that opens the phishing scam attachment rather than addressing the mentality of the employees in general. This is where training becomes essential.

Working On The Best Practices

It’s so easy for us to say that password security is an essential component because everybody knows to an extent this can protect most of us from phishing scams or cyber-attacks. But getting your team to do this is an entirely different ballpark. Working on the best practices with something like changing passwords is partly to do with your employees knowing the traits of a strong password, but also understanding the outcome of not following these processes. On a basic level, a password needs to be long with multiple characters, and be changed on a regular basis. But remember that in order to ensure compliance from your workers, building a reminder to change passwords through regular feedback as well as password management tools can help your employees to keep on top of these issues.

Focus On Cybersecurity Awareness

The people in the IT department may know the sorts of data breaches out there but you can’t expect your employees to follow the trends in the news. You may know which way the signs are going, but it can still prove challenging to understand how regularly these things occur. There are numerous resources that you can take advantage of that provide detailed information on the latest cybersecurity breaches, but you also need to remember that this message needs to be loud and clear. Distributing this information through your team is about consistency. If you continue to share the information on a regular basis, along with the repercussions, this puts the message across. At the same time, you don’t want to bombard your employees with so much information that they don’t bother reading it.

Integrate Cybersecurity With New Employees

The onboarding process is the perfect opportunity to introduce your employees to the best practices. If you incorporate it into your training process from day one, you are able to go over the rules but also explain the importance of these best practices. Again, it’s about reiterating how much of a threat data breaches are. You need to create clear cybersecurity guidelines through important regulatory documents but also initiate a complaints procedure should a breach occur. When your employees hear about a potential breach, you must create an environment where employees share information rather than trying to cover up their mistakes.

Implement It From The Top Down

From the perspective of the executives, communicating the need for regular training in terms of cybersecurity practices is about highlighting its effect on the bottom line. Yes, there is no shortage of news relating to data breaches, but you’ve still got to make a case for it when money is tight. Looking for an executive buy-in is about making your case clear with regards to the costs but also going in with a comprehensive plan as to how the training would be undertaken. It’s also crucial to point out the costs of a data breach. Based on experience, once you highlight how much more expensive a data breach is in comparison to training and onboarding practices, it’s likely executives will opt for the latter.

Implementing Regular Drills

We test the fire alarm on a regular basis, so why don’t we incorporate data breaches? When we train employees on a new piece of software, there comes a time where we have to let them fly by themselves. Allowing them to experiment in an environment with their new skills gives you a clearer picture of the potential problems that can occur and if your employees are ready to deal with them. Testing your business with a live-fire simulation can be a massive undertaking, but you can do it through smaller simulations like spot-checking your employees to see if they know the principles of combating a phishing scam email.

As technology is such a major investment, and given that we rely on it to do 95% of our tasks, we need to make sure that our employees know how to use it properly. Many organizations invest in sophisticated equipment but don’t have the means to operate it. When our employees need to understand how to use the equipment, we can guide them, but we’ve also got to give them knowledge of the best practices underneath. Cybersecurity is such an important issue that if we communicate it so much, our employees can switch off. But by following a few of these processes, you can start to educate everybody across the board.

Winter Is Coming, So Protect Your Business With Its Very Own (Fire)Wall

Game of Thrones fans across the world have spent years marveling at Jon Snow’s dedication to his all-important wall. While business lessons are probably few and far between in Game of Thrones, his dedication to keeping his country safe is one that any company should take on board. You might not need a physical brick wall outside your office, but that doesn’t mean you can’t still use a wall of some kind to keep your company safe.

Virus and spyware protection services like those offered by Charles are a first port of call for any company that wants to keep their data and customers safe. And, once you put managed security services like these in place, you can bet that a firewall will soon follow.

Unlike Jon Snow’s physical wall, Wikipedia describes a firewall as ‘…a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.’ But, what exactly can a security measure like this do for your company?

Your first line of defense

The GOT wall is the first line of defense in case of attack, and your business network firewall is no different. Viruses or malware on a business computer can have a catastrophic impact on your company’s operations and reputation. In fact, malicious malware that steals customer information could cripple your company altogether. In a sense, a firewall works as a shield against attacks like these. Whether you put one in place or trust a managed security service to do it for you, this is a way to improve security with little real effort on your part.

A way to stop anyone getting in (or out)

Like any good wall, a firewall provides a solid support to stop things getting either in or out of your company network. Strong firewalls will inspect the flow of traffic both ways, monitoring and blocking viruses as and when they arise. A firewall can also block unauthorized websites to ensure no unwanted pages find their way into your office. As well as keeping your company safe, then, a well-installed firewall can keep distractions like social media and personal browsing well clear of your work environment, and can make for increased productivity all around.

A safe place from which to spot trouble

Our GOT favorites continually patrol their wall for any sign of trouble, and this is yet another benefit that a firewall can bring to you. Far from just blocking viruses as they arise, a firewall can work wonders for foreseeing and even warning you of coming trouble. For instance, any firewall will log potential intrusions or unauthorized activity, thus allowing you to check out possible problems before they arise. By anticipating and blocking malicious applications, your firewall can even do a pretty good job at its own patrol out of office hours.

For these reasons and more, a firewall is vital for security in any business setting. As a company owner, you should, therefore, go forth and be the watcher on the firewall.

Business Risks and How to Prepare for Them

Business is a risky game and one threat that arises that you weren’t ready for can have a devastating impact. Risk management plays a big role in the finance department who are constantly assessing for risks that could impact the company’s cash flow or investments. However, there are a number of other risks that all departments have a view of that can cause big problems if not assessed and prepared for in advance.

Data Breaches

One of the biggest risks to all businesses in modern times is the risk of being the victim of a cyber-attack. Criminals are on the hunt for a range of information from businesses. The most common data they go after are customers’ personal details. These could include names, addresses, bank details, and credit card numbers.

There can be huge fines and PR consequences if businesses are found to have been incompetent with their data management. Another piece of information that criminals are looking for is IP information. Stealing intellectual property is becoming very common now and businesses need to have the right systems and processes in place to protect IP that could be worth millions or billions of dollars.

Injured workers

It’s estimated that every 7 seconds a worker is injured in their place of work. Many of the injuries sustained are avoidable but it costs businesses millions of dollars and time in lost production to compensate workers for losses.

Among the questions employees regularly have about workers compensation are ‘how long does it take to receive workers comp’ and ‘are workers comp benefits taxable’. Being clear with your employees about the processes and health and safety procedures you have in place will help to minimize the risk of people being injured at work. This, in turn, will lead to fewer claims if people are more aware of the safety precautions that they need to take.

Product Recalls

There have been many high profile cases of product recalls in recent years, one of the main ones being the Volkswagen emissions scandal. This originally began in 2015 when the EPA found that Volkswagen had been deliberately tampering with their emissions outputs.

There is no limit to the damage a product recall can have on a business. Some businesses have been so badly affected that they have declared bankruptcy and closed down. Implementing tight quality controls and regularly auditing processes, machinery and staff are good ways to ensure that the risk of having a product recall issue is lowered.

Even if your business has never had a product recall issue, you should have a process in place in case this does ever happen. Along with how you will identify a defective product you must think about how you will get the message out to consumers that they need to return the product and what your policy will be on refunds or exchanges. Just as important will also be your PR strategy and how you manage a potential customer or industry backlash.

 

2019 Cyber Security Statistics

Cyber security challenges are not just limited to large banks, credit bureaus, utilities, or other critical entities; they affect all businesses.

The infographic below, presented by techjury, reveals the cyber security statistics for 2019.
 
[Infographic: Cyber Security Stats, Tech Jury]
 
Republished with permission from techjury.