What your employees can do to reduce cybersecurity risk

StrategyDriven Risk Management Article | Cybersecurity | Cyber security | What your employees can do to reduce cybersecurity riskNo longer just the responsibility of the IT department, cybersecurity is something that all employees have a vital role in. From making smarter decisions in the workplace to understanding how to spot common attacks, employees can do much to combat cybercrime in all of its forms. Here we take a look at the things that your employees can do to help keep your business secure.

Install regular software updates

It is unfortunately the case that many employees leave their computer turned on at all times – even when they’re out of the office. The convenience of having all windows and browsers tabs open when they return to work is offset by one a major cybersecurity weakness – computers with out-of-date operating systems and applications.

When an employee does not regularly turn off a computer it can leave the system without critical updates that are only installed when it is shut down. These updates fix vulnerabilities and weaknesses that could be exploited by cybercriminals. This is why it is vital that employees shut down their computers regularly.

Understand the dangers of phishing attacks

Phishing is still a major problem. We have all seen a phishing email; sent from a fake account and designed to look like a legitimate sender. The email will attempt to trick you into clicking a link and being sent to a duplicate version of a genuine site, with the exception that when you enter your login details, these will be harvested by criminals.

You might think you know how to spot a phishing scam – but phishing is becoming more sophisticated in 2020. A rise in deepfake voice phishing could see employees tricked into sending money to scammers or revealing sensitive information after getting voice messages and calls that sound like they are from senior executives.

It is important to understand these risks in order to be able to combat them.

Broaden their cybersecurity awareness

It is important for your employees to stay up to date with the latest tactics and techniques being used by cybercriminals. Providing employees with regularly updated training can be hugely valuable in boosting their knowledge and understanding. Employees with good cybersecurity skills and knowledge make a valuable line of defence against cybercrime.

One way that you can assess the cyber maturity of your employees is by engaging a cyber security company to carry out a pentest of the organisation. For example, this could take the form of a simulated phishing attack to see if any of your employees give out their log-in credentials.

Work closely with the IT department

It is important that employees should avoid any instances of “shadow IT”. Shadow IT is the term for any application or software that is installed on an employee’s computer without the knowledge and consent of the IT team.

Going through the process of having a piece of software signed off and approved can be frustrating and time consuming, but failing to do so can lead an employee to download software containing a vulnerability which can be exploited by hackers. Or which isn’t updated in the future by the IT team when known issues are identified in the software.

Be willing to invest in enhanced security tools like privileged access management, so system users are provided with different levels of access. This ensures greater control and, therefore, security.

Set strong passwords

Experts disagree as to whether employees should change their passwords on a regular basis. On one hand, changing passwords can be an important way to limit the risk of stolen passwords being used to access accounts. But on the other hand, employees being forced to remember too many different passwords will often result in them instead using unsafe workarounds.

It can be agreed, however, that the use of weak and commonly-used passwords is to be avoided. According to cybersecurity specialists, businesses can prevent staff from setting common passwords by enforcing rules and complexity such as the use of special characters.


Follow good cybersecurity practice away from the office

It is important if an employee works from home or remotely, that they should follow good cybersecurity practice when they do so. Any time that an employee accesses company data they should do so in an environment that is as secure as the environment in their workplace. Their remote computer should have cybersecurity measures just as powerful as those in the office – otherwise they are making themselves an easy target. For example, using public Wi-Fi is a major security concern.

Backup data regularly

Ransomware is still a problem, and losing access to business-critical data can be a major problem for any company. That is why it is vital that employees should use their company’s corporate network where possible as this is likely to be backed up regularly by the IT team. However, if staff do store data locally then they need to back up their data on a regular basis – ensuring that it is saved somewhere that would not be compromised in the event of a criminal attack.

Final thoughts

It is important that employees understand cybersecurity best practice so that they can act in accordance with it. Informed staff can be a powerful line of defense against cybercriminals.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *