The City of London Police announced that they will be hiring a team of cyber detectives, amid growing concerns about cyber-attacks throughout London.
While these detectives will no doubt be a great asset to the police force, companies can also look to their staff to play a key role in protecting their business. The day-to-day employee will most likely be the one to witness something suspicious before it has a chance to fully impact the business. Therefore, it’s important to create an office culture that regulates itself, with staff being aware of the threats to the business and knowing who to raise their concerns with, ultimately building a robust defence that will keep the company secure.
How does it all happen?
People think cyber-attacks only happen on computers, but the reality is that they can come from just about anywhere. For businesses especially, there are risks to the company’s security both in the head office and on the floor.
As processes become heavily automated – and with smart machines becoming more commonplace – new entry points for cyber-attacks are inevitable. If these systems are not properly protected, they can create an entry point for external threats that aim to infiltrate the system and steal valuable data.
Cyber-attacks can also occur offline, as hackers are getting increasingly creative in their infiltration techniques by using social engineering. For example, they can phone the company in disguise and speak to members of staff. Then, through a short and simple conversation, they could gain key data that could be used in their attacks.
It’s also important to recognise that threats could come from within. Employees, moles from competitors, or those looking for financial gain can compromise the security of the business. But it is not only staff driven by malicious intent who pose an insider threat: complacent or inadvertent team members or third-party contractors may unwittingly let the adversary in. Internal cyber-attacks are more difficult to prevent, but there are key steps businesses should follow for a better defence against them.
Key tools and processes
Enforce basic password requirements. Humans tend to resort to using the bare minimum when creating a password, and this doesn’t change in the workplace. Because of this, it’s crucial that businesses establish password requirements, such as minimum length and complexity.
Another way to ensure maximum security when it comes to passwords and how employees store them is to use a password manager. This system keeps passwords stored safely and guarantees that they are only accessible by a number of trusted employees who know the master password.
Additionally, businesses should turn on two-factor authentication (2FA) across all accounts. This involves the user entering a second piece of information, such as a fingerprint or one-time code, in order to gain access. Even though hackers may be able to hack passwords, they will not be able to gain full access thanks to the added step of 2FA.
There are some key policies businesses should have in place that can help defend against cyber-attacks. Implementing the SOC 2 or ISO 27001 compliance standards ensures that the company is aware of any risks and helps it take the steps needed to keep cyber-borders safe.
While different processes will no doubt help protect the business from external threats, investments in training every member of staff are key to any successful security program. While your people can be the biggest threat to your security, they can also be your greatest asset if properly trained and aware. Having staff educated on how best to identify different threats is a strong step to take when building a comprehensive defence against cyber-attacks.
How to ensure staff are cyber ready
Some threats can be spotted using simple technological solutions whilst others are a little harder to tackle – especially those that happen offline. Cyber-attack training is vital, as employees are often the first target hackers will try to dupe.
Clear guidelines should be communicated to ensure that employees know how to respond to fake phone calls more effectively. Educating staff on phishing emails will also help them to spot messages that could cause trouble, helping to prevent hackers from creating bigger issues for the business.
It’s not impossible to protect businesses from threats. By building a strong defence mechanism combined with staff training and support, businesses stand a better chance of remaining secure and cyber ready.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.