Many of history’s online security breaches can be traced back to human error. All it takes is one wrong click before you realize that email contained a well of trouble, and the repercussions are just beginning to snowball up the chain. You see, cyber attackers target a company’s lower-level employees. And they do so with the goal of progressing their attacks up the ladder until they’ve reached their real target: the big fish. As lower-level employees aren’t always versed in cyber security, they make the best targets. Cyber attackers don’t expect executive-level employees to fall for the popular rouses like spam emails. So how do you arm your company’s front line against cyber attackers? With thorough training, it can be done.
Train well and train often
It’s crucial to conduct a thorough evaluation of your security system and strategy before you engage in a staff training. This will ensure that you get the best training outcome. Then, be sure to train employees before they start a job, and periodically afterward, at least once per year. In the trainings, address real-world examples of security breaches of companies within your industry, for perspective. Evaluate what went wrong, and what your company and employees are doing to keep it in check. Having a concrete example may also help to motivate your employees to adhere to the protocols and drive home the point that data must be diligently protected.
Know the symptoms of a cyber attack
Not all security breaches will make themselves known. Attackers could be siphoning your data for days or weeks before anyone is aware. So it’s important to recognize the symptoms of an attack, such as processing time delays, and other mysterious errors. This includes other methods, such as social engineering. Instruct your employees to report these to your IT department immediately.
Navigate email with care
Email is one of the most popular routes of cyber attacks. Often, these look like legitimate emails with some syntactic abnormalities. Sometimes the sender address is even something believable, like paypal@legit.com. The usual prompt is to send your password via email, or to click a link to do so online. But sometimes these emails come from known contacts. Likely, this is because the contact has been hacked. These are harder to spot, but if it looks fishy, a well-trained eye can spot it. And when in doubt, get in touch with your contact and at least let them know you suspect they’ve been hacked. The best practice is to train your employees to spot any suspicious activity straightaway.
Also encourage your employees to keep their work email address limited to work only. Do not condone them using their work email address to sign up for mailing lists, as those are often sold to third parties.
Some email providers offer to send security alerts when your account has been logged into from a new device or different IP address. Encourage your staff to use this feature.
Have a Plan B
Like a fire drill, it’s important to have a strategy in place before anything goes wrong, and to communicate that strategy to employees. For example, if an employee does accidentally open a malware-laden item onto their computer, have some safety nets in place. Make sure that they change their passwords immediately. In some cases, it may be necessary to reach out to their email contacts if they begin receiving suspicious messages. And always make sure your IT department is aware of suspected breaches.
Don’t forget the hardware
Protecting your devices from theft is a huge part of cyber security. Make sure your employees back up their data regularly. Some devices will also give you the option to activate a fail safe, allowing you to wipe the data from a stolen device remotely, or a GPS feature, allowing you to track the location of your device. Take advantage of these bonus features.
As technology evolves, so do ways in which cyber attacks can be carried out. So don’t let your training structure and protocols fall behind. Having an up-to-date cyber security plan in place is an easy and inexpensive way to prevent security breaches. As long as your employees receive sufficient and frequent training, you can effectively avoid cyber disasters that would otherwise be very costly (both financially and otherwise) to perform damage control on.
[su_box title=”About Monique Craig” style=”noise” box_color=”#336588″][short_info id=’68291′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.