According to IBM’s 2016 Cybersecurity Intelligence report, 60% of cyber attacks were carried out by insiders. Of those, 75% were done on purpose and the other 25% were done by accident. To protect themselves from cyberattacks, organizations must train their staff in safe computing procedures so that they can avoid becoming unknowing accomplices to malicious activity.
Here are five essential lessons your staff must learn about cybersecurity and how to avoid being hacked.
You might be amazed to find out how many of your employees think downloading software is safe as long as it comes from a well-known brand. Downloading software carries many risks, and employees often don’t realize that the download source is just as crucial as the file itself. There are a lot of websites on the internet that offer free versions of well-known paid programs. Most of the time, trojans, spyware, worms, viruses, and other types of malware will be in these downloads.
If you can, restrict downloads to business machines. If you can’t, set up the proper download rules and ensure everyone knows what they are. After you finish a download, you should run it through an antivirus and spyware scanner. Also, you must ensure that the company’s software is always running the most recent version. With each update, software makers fix any security holes. If you don’t keep your software up to date, your whole system could be at risk.
SplashData puts out a list of the worst 100 passwords every year. They put this list together using leaked usernames and passwords from the dark web. Passwords like 12345, 123456, 12345678, and “password” consistently rank among the worst choices, just as they did in 2011 and 2015. Your employees should not only come up with unique passwords but also change them often. Once every three months is fine, but once a month is better.
Good security works in both directions. It’s important to teach, educate, and train your employees on suitable cybersecurity protocols, but it’s also important to follow them yourself.
As part of setting up good procedures, you should ensure that your work is backed up often. Not only can this help keep your employees from losing valuable work (you might be surprised by how often important documents get deleted), but it can also help protect you in case of a ransomware attack.
Also, you should ensure you have a full cybersecurity suite, including tools for keeping an eye on what your employees do. Even though there is a lot of debate about businesses acting like “big brother”, the fact is that data is too valuable these days to trust that your employees will follow good security procedures on their own.
BYOD (Bring Your Own Device)
Millennials, in particular, are usually very picky about the devices they use. Many people would rather use their cell phones than tablets or computers at work. Even though many businesses like this idea, you can’t keep an eye on personal devices to ensure security rules are followed. Also, some firms or industries are easier to attack than others. In some cases, it’s because they have the most valuable data, like in finance or health care. In other cases, it’s because they have the least strict security rules.
Small businesses of all kinds are some of the most likely to be attacked online. You don’t have to stop your employees from using their devices at work, but you should give it some thought and set clear rules about what they can and can’t use and how much access they can have to their devices.
Spam and Phishing
Most people should know by now not to click on links or open attachments. They should also know not to use 12345 or “password” as their password. Still, people do it. The good news is that you can’t get a virus by just opening an email, but the bad news is that bad people are getting better at getting you to click.
In many cases, they will look through company directories to find an employee’s name and then make a fake email account that looks much like your business account. When you get an email that looks like it’s from another employee, you may not check the address to make sure it’s really from your company before clicking. This is another common way that phishing is done: instead of sending a link to click that leads to a virus or other malware, phishers will make fake accounts using the name of another employee and ask for sensitive information. Some of the information they want may seem harmless, but if it gets into the wrong hands, it can be deadly. In other cases, employees have sent whole client lists or files to fake email addresses by accident, which has led to massive data breaches.
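The address check described above can be automated at the mail gateway or in a reporting tool. The sketch below is an added example, not part of the original article; the company domain, the employee names, and the sample From headers are constructed placeholders.

```python
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                 # assumed company mail domain
EMPLOYEES = {"dana whitfield", "omar reyes"}   # constructed directory names

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return the reasons a From header looks like employee impersonation.

    Only covers lookalike accounts; a forged From on the real domain
    has to be caught by sender authentication instead.
    """
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain == COMPANY_DOMAIN:
        return []
    reasons = []
    # A domain one or two characters away from ours is a likely lookalike.
    if 0 < edit_distance(domain, COMPANY_DOMAIN) <= 2:
        reasons.append("lookalike domain")
    # A colleague's display name on an outside address is the classic lure.
    if " ".join(name.lower().split()) in EMPLOYEES:
        reasons.append("employee name on external address")
    return reasons

if __name__ == "__main__":
    samples = [  # constructed sample headers
        "Dana Whitfield <dana.whitfield@example.com>",
        "Dana Whitfield <dana.whitfield@examp1e.com>",
        "Omar Reyes <omar.reyes@freemail.test>",
        "Newsletter <news@vendor.test>",
    ]
    for header in samples:
        print(header, "->", check_sender(header) or "ok")
```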
Cybersecurity used to be seen as a problem exclusively for major corporations. Regarding their security, most companies mainly care about their physical and financial assets. You have something priceless to safeguard now if you have clients, customers, or consumers. With the advent of digital technology, information has become almost as valuable (and simpler to steal) as currency.