One of your organisation’s most effective defences against cyber attack and data loss, and also its biggest threat, is your employees. They can prevent many incidents from occurring simply by understanding the risks, being vigilant and complying with your cyber security policies and procedures. Conversely, when they don’t have the knowledge and awareness needed, they can expose your organisation to all kinds of threats.
Backed up with cyber security prevention and detection tools, the simple steps outlined below can keep your employees safe online and reduce the chances of attacks because of human error.
5 Essential Ways To Keep Employees Safe Online
- 1. Awareness and education
Cyber security policies and procedures will get a lot more support from your employees if they understand why things have to be done in a certain way. Raising awareness about the threats, and why your organisation is vulnerable, is the first step in ensuring that staff take cyber security and IT risks seriously.
Employees also need to understand what the risks are when cyber security policies are not adhered to. For example, what could happen if they share a password with another colleague, or use an unapproved application on their mobile device for work? Instead of just saying ‘don’t do xyz’, you need to explain what the impact is if they don’t follow procedures correctly. You’ll get better engagement and buy-in if employees understand exactly why those policies and procedures are in place.
- 2. Provide training to help employees spot threats
Do your employees know what a potential attack could look like? Phishing and social engineering attacks have become increasingly sophisticated and many communications that might trigger an attack look like genuine work emails or even phone calls.
Regular training is a must. This can be delivered using e-learning solutions, which are often more accessible to employees than attending a face-to-face training session. However, a combination of different training and awareness-raising programmes is the best approach. Because cyber attacks evolve so fast, it is vital that employees are aware of the latest threats to your organisation and how these might manifest themselves, so regular updates are essential.
At the same time, monitor engagement with your training programmes. They’re only effective if employees learn from them and put the advice given into practice. Test different approaches and get feedback from staff, to ensure they’re more than just a box-ticking exercise.
- 3. Know who has access to what
Make sure that employees only have access to the data and systems they need to do their job. Many organisations automatically give employees access to a wide range of information without considering whether they actually need it. This increases their chance of inadvertently causing a breach or disruption.
Instead, use privileged access management tools to lock down who has access to what. One thing to bear in mind is what happens when an employee moves jobs within the organisation: they may no longer need access to some systems, or their access may need to be downgraded to that of an ‘ordinary user’. Adhere to the principle of least privilege, which dictates that users should have the fewest permissions possible.
- 4. Promote better password hygiene
In many cases a password is the first line of defence against a cyber attack, and often the easiest to breach. Make sure your employees are using secure passwords and changing them regularly. Best practice includes:
- Use longer passwords with a mixture of letters, numbers and symbols
- Provide employees with an approved password safe so that they don’t save passwords to their browser or write them down
- Use different passwords for different accounts
- Avoid passwords that are associated with personal details (children’s names, memorable dates etc.)
- 5. Make sure employees understand that they may be a target
Many employees don’t believe that a hacker or cyber criminal will bother with them. They may think that their role within the company isn’t ‘important enough’ or that the business they work for isn’t a target either. But cyber criminals are targeting employees like them because they’re often the easiest people in the company to hit.
Similarly, they’re also targeting small businesses for the same reasons. Many SMBs don’t think they’ll be targeted because they’re ‘small fry’, but actually they present easy pickings because their defences are not as effective as those of larger enterprises. In some cases a small business may also provide a backdoor into a larger organisation.
Therefore, make sure employees understand that they and your organisation are targets: it’s not something that only happens to the corporates that make the headlines.
For advice on protecting your organisation and supporting your employees further, please get in touch with our team.