Basic Employee Cyber Security Training for Securing Your Business

Have you ever heard of cybercriminals dropping infected thumb drives in employee parking lots and waiting for someone to plug them into a work computer? Shockingly, studies show that 60% of people who come across these drives will do just that!

With such an effortless way for hackers to infiltrate a business, it's crucial to provide security awareness training for employees. Such training should cover current security threats, company security policies, and each employee's personal responsibility in keeping the business safe from cyber threats.

However, many businesses don't know where to begin when it comes to developing a program. The good news is that we're here to help. We can work with you to establish a security awareness program or provide additional education and guidance on good employee security policy that is tailored to your business. Here are some of the critical areas that should be included in any good program:

Phishing and Social Engineering

Social engineering is an attack that occurs when a user is tricked into divulging confidential information. Phishing is a common social engineering attack where a hacker tries to get sensitive information such as passwords and credit card details via email or chat.

Why are phishing and other social engineering attacks so successful? Because they often appear to come from a credible source, tricking users into thinking that the communication is trustworthy. Signs of a phishing attempt include typos, links containing a string of random letters and numbers, an unusual sense of urgency, or a general feeling that something is wrong about the information requested.

If an employee feels that something is not right, they should not click on any links or attachments or give out any sensitive information. Instead, they should follow an established process for alerting the relevant department or person in a timely manner. This is critical in preventing a phishing scam from spreading throughout the network.

Passwords and Network Access

Employees should follow best practices when it comes to creating passwords, especially for passwords used to access IT environments. Passwords should be unique to each application, at least eight characters, contain letters and special characters, and avoid obvious information like names and birth dates. Employees should also update their passwords every 90 days and never store them on sticky notes attached to monitors or keyboards, nor should they share them with others.

It is also essential to be cautious of network connections used outside of work or home. Even if data on a device is encrypted, it is not always guaranteed that a connected network will transfer that data in an encrypted format, which can open the door to numerous vulnerabilities. Public networks may also be tapped, putting all exchanged data at risk. To avoid these threats, use a trusted network connection or secure the connection with appropriate VPN settings.

Device Security

In today's world, personal devices are frequently used within the workplace. Employees must understand the potential security risks of connecting to the enterprise network from their personal devices. The same threats posed to company desktops and laptops apply to personal devices. Ideally, employees should securely access resources from their own devices, but they should always be mindful of the websites they browse, the applications they install, and the links they click on.

Physical Security

Cyber threats are not the only risks to be aware of; physical security also plays a vital role in keeping sensitive information protected. How often do employees leave mobile devices or computers unattended? It happens to everyone, but if someone were to swipe an unattended phone or log in to sensitive assets from a connected network session, all the data could be at risk.

This area of security is often overlooked and needs a good refresher, particularly since many employees are working from home and are out of practice with good office security measures, such as:

  • Locking all devices. Employees should make it a habit to lock their devices every time they step away from their desk.

  • Storing sensitive materials securely. Sensitive documents should be stored in a locked cabinet instead of being left unattended on an open-access desk.

  • Properly disposing of information. When discarding documents, users should ensure that they do not place sensitive papers into a general trash bin. The company should have a policy and procedure in place for the secure disposal of such files. 

We understand the importance of employee security awareness and are here to assist you with your needs.

Contact us today to begin the discussion.