This week’s cybersecurity awareness month theme is “ensuring online safety at work,” emphasizing the importance of awareness training for all employees. Every business should have a next-generation antivirus, network security appliance, exterior and interior protection and monitoring, Dark Web monitoring, and deception software. However, technology can’t protect your business from everything. Your biggest cyber risk is your employees. When a single click by an employee can result in a ransomware infection or company credentials for sale on the Dark Web, you must take proactive measures for prevention. The best way to prevent data loss is through employee education and cybersecurity awareness training.
Hackers will make their way in…
The two most common attack methods are ransomware and stolen credentials. Studies show that 71% of companies targeted by ransomware have been infected. Of those infected, 72% lost total access to their data for 2 days or more. Ransomware usually starts with an infected email attachment that an employee is tricked into opening. Stolen credentials are due to poorly created passwords and lax password storage policies. Both can be prevented through employee education and policy enforcement.
How do we protect our vulnerabilities?
Employee education should include mock phishing campaigns, a weekly or monthly security tip, and other methods to create an overall culture of security-minded employees. Well-trained employees will know what to look out for; they will always look before they leap and ask if they are unsure of the risk, especially with regard to phishing and spear phishing schemes. Cybersecurity is everyone’s responsibility, and the only way to share the responsibility is to educate ourselves to prepare for the next attack.
Creating security policies and enforcing them is also necessary when cultivating a secure environment. It is not enough to just have policies in place; they must also be enforced at all levels. A password policy is one of the most important policies to enforce. Good password hygiene means avoiding the use of the same password for every website, especially those that store sensitive information. Always use multiple random words in your password. Gone are the days of Pa$$w0rd1!
Where do I start?
Cyber-aware employees will surf the internet securely and know what to look out for on the web. They will avoid public Wi-Fi (unless they’re using a VPN) and they’ll use multifactor authentication for all corporate-used devices. Knowledge is power; cyber-aware employees are given the power to be aware of cyber threats and avoid them from the start. Employees also need to be continually educated, as new threats appear all the time. If necessary, engage with an IT security company that specializes in security and has professionals that can get you and your company on the path to being cyber aware.
To get started on your journey towards a better cybersecurity posture, we are offering a weekly awareness email tip. We designed this “Cybersecurity Tips and Tricks” email so you and your employees can receive weekly relevant IT security tips, reminders and strategies to lower your risk of getting compromised.