Minimizing Cybersecurity Threats in the Workplace: 5 Practical Tips
— September 9th, 2022
By rights, cybersecurity should be listed as part of every single job description. Just as spending money online somehow seems less real than handing over cold hard cash in a brick-and-mortar store, cyber threats often seem less real to many business owners and employees. However, cybersecurity threats must be taken just as seriously as any other business risk. And staying on top of cyber security is a task to be shared by the whole organization.In a resilient, future-focused organization, while hiring a cyber security professional could be a worthwhile investment cybersecurity is also seen as everybody’s job
The National Institute of Standards and Technology defines a cybersecurity threat as any circumstance or event with the potential to adversely impact organizational operations, assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, or denial of service.
In short, cyber-attacks equal a world of pain for an organization.
Cyber Security: Learn How Employee Communication Could Save Your Business
Protecting Data Against a Potential Threat
Unfortunately, over the past few years, cybercrime and cyber attacks have been steadily rising. According to a report from Accenture, there were as many as 270 cyber-attacks per company in 2021. This was a rise of over 30% from the previous year. Despite the increase in cyber-attacks and data breaches, the same report found that 78% of leaders are still unsure how or when a cybersecurity incident will affect their organization.
Remember, major cyber threats and potential security breaches must be communicated to all customers who may be compromised, so the reputational repercussions are significant—even if, ultimately, the cyber threat is not followed through, and the data remains safe.
So, think about your organization’s hard-earned reputation, the customer trust you have built up, and your bottom line… And now, let’s dig into these five steps to minimize cybersecurity risks.
These practical tips will help defend your organization’s critical data and information from hackers, malware, phishing attacks, and other cybersecurity threats.
1. Conduct Regular Cybersecurity Training for Your Employees
Your number one priority is to create a cybersecurity-conscious culture in your organization. Human error is a significant weakness in your defense against cybercrime so try to limit the risk as much as possible by educating your people.
In 2022, about 3.4 billion phishing emails will be sent daily worldwide. These emails contain malicious malware or ransomware in the form of links that give hackers access to employee data, including login credentials. Some of these scams have become highly sophisticated and seem entirely genuine at first glance. Hackers know that it only takes one slip-up by one well-meaning person to breach a system and access sensitive data.
Start with an audit. Send a security/risk assessment to everyone in the organization—much like what a prospective customer or client may ask for. This enables the identification of any gaps or weaknesses, such as ensuring employee's are sharing security information safely. Then invest in comprehensive training for your entire organization. To bring employees up-to-date with the latest thinking and trends and maintain that standard, choose an in-depth, continuous, and compulsory training program—not a one-off course that can be clicked and flicked through and duly forgotten about!
Keep cybersecurity front of mind by including cybersecurity news in your employee communications—highlight any new security updates and send frequent reminders to stay alert and aware. Try to keep the content as fresh and engaging as possible. Make your employees part of the process by encouraging the reporting of any new phishing scams. Reward vigilance.
2. Use Strong Passwords to Protect Your Data and Systems
Password1. 12345678. Qwerty. We’re probably all guilty of choosing a weak password at some point. But remember, when it comes to cybersecurity, an organization is only as strong as its weakest link. It’s been reported that 63% of all internal organizational data breaches result from compromised usernames and passwords.
Companies and employees can minimize cyber security threats by using strong passwords. In fact, the National Cyber Security Centre (NCSC) suggests simply selecting three random, memorable words. Then ask yourself, would someone who knows me well be able to guess my password in 20 attempts?
Of course, don’t forget the golden cybersecurity rule—never write passwords down or share them with anyone. To avoid either of these scenarios entirely, and to prevent “password overload” in your organization, consider investing in a reputable password manager that stores and generates encrypted passwords.
Other Top Tips to Minimize Threats
· Implement two-factor authentication for all company logins. Using two different factors like a password and a one-time passcode sent to a mobile phone via SMS is two-factor authentication. When a company member uses a password to log in to their account, they’ll be prompted to confirm it’s them by entering the passcode sent to their phone.
· Change default passwords before handing over new devices to employees.
· Train staff in good password hygiene. Make sure they know never to repeat a password and never to share their data.
· Encourage employees to report any unrecognized logins or suspicious activity.
3. Make Remote Access as Secure as Possible to Avoid Cyber Attacks
With the recent dramatic increase in remote and hybrid working, remote access programs have suddenly become widespread. Remote computer access means accessing a computer from a different location through a secure network connection. Although this brings many benefits, such as saving money and time, it also comes with a multitude of cybersecurity implications.
For example, when business owners and employees allow remote access to their computers, support technicians are granted complete control of the system and, therefore, access to all files, applications, and data. In a worst-case scenario, they could use this information for malicious purposes. Equally, scammers could carry out phishing or malware attacks by impersonating technical support staff to con employees into allowing remote access. For these reasons, remote desktop access should be limited to trusted sources in your organization.
According to IBM, remote work led to a $1.07 million (24.2%) higher cost of data breaches in companies where it was a factor (17.5% of organizations). Additionally, organizations with more than half of employees working remotely spent an extra 58 days identifying and containing breaches, compared to less remote work-orientated organizations.
Remote access security checklist:
● Encrypt data to prevent theft
● Use a strong firewall and security software
● Use two-tier authentication
● Restrict access to unauthorized users
● Review server logs to monitor remote access and any unusual activity
● Delete remote access privileges once they are not needed
● Test systems regularly for vulnerabilities
● Keep firewall and remote access software up-to-date
● Educate employees on how to detect a potential technical support phishing attack
4. Safeguard Your Network Against Cyber Threats
Safeguard your organization’s Internet connection by encrypting information and using a firewall. According to Cisco Systems—responsible for coining the term in the 1980s—a firewall
is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
Also, if you have a Wi-Fi network, ensure it is secure and hidden. To do this, hide your Wi-Fi network and set up your wireless access point or router. This way, it will not broadcast the network name, known as the Service Set Identifier (SSID).
Finally, it’s also essential to password-protect access to the router. If you have employees working remotely, use a Virtual Private Network (VPN) to allow them to connect to your network securely from out of the office.
5. Use Up-To-Date Antivirus Software to Combat Cyber Attacks
To avoid security breaches, ensure all your business’s computers are equipped with antivirus software and are regularly updated. As Bernard Marr points out in a recent future of cybersecurity at work article, this was much easier pre-pandemic, when the IT team could keep a close eye on all work devices. Physical proximity made it relatively simple to ensure they were free of spyware and malware, and were running the latest versions of anti-virus software. Now the responsibility is shared, and employees must bear some personal accountability for device security.
Antivirus products work by detecting, quarantining, or deleting malicious code, to prevent malware from causing damage to your company devices. You can purchase antivirus software online from a variety of different sellers.
It’s also recommended to configure all software to install updates automatically. In addition to updating antivirus software, it is critical to update the software associated with operating systems, web browsers, and other applications, as this will help secure your entire infrastructure.
Cyber Security: Learn How Employee Communication Could Save Your Business
Stay Safe, Stay on Top of Cybersecurity
As the workplace gets smarter and more tech-savvy, so too do the threats that jeopardize organizations. Data breaches are time-consuming, expensive, and bad for business. Preventative steps and mitigation planning are critical to minimize disruptions from these workplace threats effectively.
Remember, HR and Internal Communication departments can have a real impact on helping cybersecurity. “Given their vital roles in the leadership arena, organizational culture, and governance of policies and communication channels, as well as having direct, respected, and frequent connections to all employees, IC and HR, are perfectly placed to support and amplify the battle against cybersecurity.” (For further reading on this topic, check out this recent article by Joanna Hall. )
Unfortunately, no one measure is a silver bullet. Cybersecurity awareness is a mindset you need to ingrain in your workplace culture. Do not defer to IT to handle everything—educate yourself and your employees. Embrace the cyber-conscious culture! Make it part of your organization’s DNA