Addressing the threat from within


When it comes to cyber security, employees are often too laid back. It could be that they are unaware of the consequences of a data breach or a phishing scam, or perhaps they just don’t think they are responsible for it.

But this shouldn’t be the case, and it’s a lack of education that makes employees one of the most vulnerable parts of an organisation. Recent research reveals that 28 per cent of workers re-use the same password across multiple accounts and 22 per cent have already been hacked.

So why are workers opting for such an unsafe route? And what can businesses be doing to encourage employees to be cyber-safe at work? 

Education

On the whole, employees are somewhat unaware of the risks that follow everyday tasks. We all read about the large-scale data breaches happening across the world – most recently the Yahoo UK data breach fine – but very few stop to understand how it happened or who is responsible.

To combat this, business owners or the IT department – depending on how big the organisation is – need to educate employees on the risks and the policy the company has in place to avoid them. 

Training should be undertaken as a whole team to ensure everybody is on the same page and reiterate the policies and processes. Once complete, it is ultimately the employee’s responsibility to be more aware of cyber security issues and put the training into practice. 

Looking at the most common and significant threats out there today, there are a few stand-outs that businesses and business owners need to be aware of to ensure they are protected. 

Unsecure devices 

It is far easier for a cybercriminal to use an employee against a company than it is to devise unique ways to break into the IT systems. 

The threat could come from anything, from connecting to a personal device at work to taking company-connected devices home. Other scenarios include connecting to work accounts through an unsecure network or device and accessing sensitive data, or copying files to an unauthorised USB destination.

To avoid these cyber threats, the company should be empowering the team through the training sessions outlined above to remind them just how vital they are to the organisation. As a platinum status WatchGuard partner – one of only two in the UK – SysGroup not only offers firewalls, email security and other security solutions but also interactive security awareness training courses tailored to specific contexts and requirements. The aim of the training is to make employees more aware of data and security, while creating opportunities to make improvements.

Sophisticated phishing

It may seem like one of the oldest tricks in the cyber-criminal handbook, but sophisticated phishing is on the rise. These scams are becoming so common and advanced that it’s often difficult to distinguish between genuine and fake emails. In fact, in 2017, 91 per cent of attacks began with email phishing.

Phishing emails or messages prey on our instinctual responses to panic; they threaten loss of data or account details, hoping that you will click through immediately and give up your details.

To protect against these threats, employees should be encouraged to think twice and delete emails from suspicious or unknown addresses. That said, research tells us that even with training, 23 per cent of phishing emails are still opened, with 12 per cent of those targeted clicking on the infecting link, so protecting the company against human error should be top priority.

At SysGroup we provide customers with email security solutions and technology from leading providers such as Mimecast and Kaspersky, to defend and protect against advanced threats and data loss. Nowadays, it’s more critical than ever that organisations of any size implement robust email security steps to avoid future mishaps.

Passwords, passwords, passwords 

Finally, relying on a simple username-password combination to access systems puts the whole organisation at risk of a data breach. 

The software used to crack password combinations is so advanced nowadays that a simple single-word password or predictable pattern will be guessed in no time at all. Malicious password-cracking software, for example, can guess billions of options in seconds, so pet names or the place you were born are no match for these algorithms.

Even a mandatory password reset can be insufficient. Business leaders must work with the IT department to help employees pick stronger passwords and use multi-factor authentication as the new standard. Also consider investment into password management software – it can make a big difference to the organisation and can be an important step to lessen the chances of being hacked. 

At SysGroup, we work with one of the world’s leading technologies to ensure our customers’ emails stay safe. The technology combines two of three possible authentication methods, so that a data leak compromising user names or passwords does not compromise the account: the leaked credentials are of no use without a unique further authentication factor.

Planning ahead

What’s clear is that businesses and business owners should be prepared for the worst and look at all sources to combat the threats out there today. In a world where cybercriminals are becoming smarter and faster, a company can never be too secure. 

Internal cyber security policies should be constantly re-evaluated, and working with expert partners can help to create a robust strategic plan from the top down that enlists the help of employees in better security practices.

What’s more, with GDPR legislation recently coming into effect, it is now even more important to prevent the human errors that lead to so many data breaches. Training days and even simulated phishing scams and other attacks will reveal how vulnerable the business may be and help to craft the vital strategy to improve systems and procedures.  

Adam Binks, CEO of SysGroup 
