Hacking a business today is easier than it has ever been. With nearly every company in Australia now intimately intertwined with technology, you might think cyber security would be a priority. But the truth is, our protective measures have grown lax, as organisations fall behind the times, relying on flimsy barriers and trusting in blind faith that they won’t be targeted.
Right alongside the rise of software that makes our life and work easier than ever, the tools cybercriminals use have advanced as well, enabling hackers to penetrate precious networks of data with minimal effort. What used to take thousands of lines of code now takes a couple of clicks. And actually, according to IBM’s 2016 Cyber Security Intelligence Index, 60% of the time it’s not some fancy tool that allows criminals to circumvent your defences – it’s your employees letting them in.
No matter how impenetrable you may imagine your security measures are, they’ll be rendered useless if a hapless member of your team clicks the wrong file and opens the floodgates. When it comes to cyber security, your biggest vulnerability isn’t your antivirus or firewall – it’s your poorly trained employees. Here are five ways to prevent them from slipping up and opening your business up to attack.
This may seem like a no-brainer, but it’s probably anything but to many members of your team. According to a 2015 survey conducted by TeleSign, close to 75% of consumers use duplicate passwords in their online activity. Twenty-one percent of them use passwords more than a decade old, 47% have been using the same password for five years and a whopping 54% use the same five passwords across an entire lifetime online. Also, 60% of employees use the same user name and password at home (on unprotected computers) as they do at work!
As a business owner, these numbers shouldn’t just make you chuckle – they should make you mad. It may be that the entirety of your company’s data, everything you’ve worked so hard to build over years of blood, sweat and tears, could be guarded behind a password as simple as “123456.”
Make sure you train your employees on safe password practices. That means mandatory password changes to key business accounts every few months, with each new password containing letters, numbers and symbols, preferably without any real words at all. It’s a small change, but it can drastically increase your odds against data breaches.
If your business is going to survive a digital onslaught, safe online practices for your employees need to be more than a recommendation. They need to be mandatory company policies. Every new and existing employee needs to know what’s expected of them and what the consequences will be if they deviate from guidelines. For example, when an update comes through for a key piece of software, it needs to be installed immediately. Have a set procedure in place for them to follow if they encounter a suspicious e-mail or potentially malicious link. These and other practices, when set in stone, ensure that employees remain personally invested in protecting your company.
The best way to suss out any employee vulnerabilities, though, will always be to do a thorough security audit of all your systems. This means investigating the hardware, software and cloud systems your staff are using on a daily basis, sure, but most importantly, you need to analyse the habits of your personnel and whether or not they’re complying with your high standards of cyber security.
As they say, forewarned is forearmed. This is never truer than when defending your business from data breaches. With comprehensive cyber security awareness training, outlining everything from the biggest digital threats to post-breach best practices, you can turn your biggest security liability into your greatest defence. If employees know the ins and outs of hackers’ tricks, it becomes exponentially more difficult for hackers to trick them and find a way into your network.
The crooks steal your credentials for one reason - to make money. But they may not use these details themselves - instead they will offer them for sale on the "dark web" for others to take advantage of. There are huge numbers of credentials for sale right now.
Cost-effective early warning systems are now available for businesses to monitor whether these credentials have been offered for sale. As soon as you are alerted, you can quickly safeguard your critical assets.
With all five of these steps, it can be difficult to determine just how to implement these policies within your organisation – much less what should be included – but luckily, we can help. Contact us to find out how we can help you put a strong data security employee training program in place and patch any holes in your barriers before they become an issue.