Are Your Employees Putting Your Business At Risk?
Cyber security has been named the number one threat to businesses, having risen 15 places in the last seven years. Is there more businesses could be doing to examine the source of the problem and find solutions to reduce the risk? Our Sales and Marketing Director, Mike Dickinson describes the escalating threat within the workplace and what you can be doing to prevent vicious and costly cyber attacks.
Technology is the driving force in most businesses. Used as a method of communication and way of storing confidential information such as financial data or executive business decisions, technology is an efficient way to keep important business matters private. That is until it becomes under the threat of a cyber-attack.
In the past 12 months, 32% of organisations were victim of malicious cyber breaches, costing approximately £5000 per attack. To raise awareness of the threat, more is being done to educate professionals about the risks and ways to prevent such breaches. However, despite this, could the main threat be coming from within the business?
According to our recent poll on Twitter, 90% of people are aware that the most common cause of cyber-attack is human error. When we’re busy at work, it’s easy to become careless and not notice the warning signs of potential risks and bugs. Whether it’s a result of carelessness or lack of knowledge, 46% of cyber attacks in the past year have been a result of employee downfalls. So, what can your business be doing to minimise the risk?
Educate your employees on the threat
Educating your workforce on the signs of an emerging cyber-attack could help prevent it before it becomes serious. Knowing how to recognise a dangerous link or email can deny hackers access and protect your business from potential breaches. Ensuring your staff understand the importance of addressing cyber concerns when they occur, can ensure you and your workforce are vigilant towards attacks. Cyber security awareness training is a great way of further educating your employees on the risk of cyber attacks and how they can recognise them and prevent them from happening.
Keep passwords secure
Gaining access to confidential data is the focus for hackers. Keeping your passwords secure by avoiding using personal details and being conscious of the length of time you use them for, can make it harder for cybercriminals to hack your system. Keeping passwords in a password protected document as opposed to a sticky note, adds an extra level of security. However, in order for it to be beneficial to the business, it is important to ensure the entire workforce is enforcing these changes.
Watch out for suspicious links
99% of email attacks, rely on the recipient clicking the link, therefore being able to recognise the difference between a suspicious email and a genuine one, is a vital skill in the workplace. As email breaches become increasingly sophisticated and harder to recognise, looking for tell-tale signs such as an unfamiliar sender, is an easy and efficient way to avoid attacks. Some of the most common tell-tale signs of a phishing email are:
- Not addressing you by name i.e referring to you as ‘customer’
- Obvious spelling mistakes or typos
- The ‘from’ email address is not the same as the company that the email is claiming to be from
- Encouraging you to open random links or attachments
Social media is an easily accessible tool, used by a large number of businesses. When setting up a company social media profile, you are asked to enter details such as a mobile number or email address. This may result in the use of personal information. To make sure your data is safe from cyber criminals, ensure your security settings are secure.
Once information is posted online, you can’t get it back. This is important to remember when posting anything. Revealing confidential information online can leave you and your business vulnerable. Enforcing a social media policy within the workplace, helps set the guidelines for using personal accounts during working hours or talking about the workplace/colleagues on personal accounts.
Protect your data
To implement an effective cyber protection strategy within your business, preventing access to your data and having procedures in place that if a breach occurs, the data becomes invalid, are both vital. Encrypting sensitive data, renders it useless to hackers. Regularly backing up and updating your system helps strengthen your security wall. Using unsecure networks, such as free wi-fi is another way to put your data security at risk. These types of connections are often not encrypted, meaning it’s easy to fall in to the hands of hackers. Accessing emails and social media via these networks could lead to passwords or sensitive information being unintentionally leaked. Accessing personal banking could open up your accounts to cyber-criminals.
Be cautious of third-party devices
Staff should never store business sensitive data on external hard drives or USBs to take out of the office. GDPR legislation has been put in place to ensure information is protected, however printing this or storing it on a third-party device renders this invalid. Should the device get lost or stolen, confidential information could be exposed.
Using illegitimate apps and programmes
Apps from a legitimate source such as Apple or Andriod Play Store are constantly being checked to ensure they aren’t malicious; however, thousands of apps are uploaded every day so some still manage to get through. Apps can run in the background of your device and leak confidential information such as passwords and mobile numbers. Be vigilant when downloading apps, read through the reviews and do your research to ensure the programme is safe.
Ensuring your workforce is aware of the threats presented by a potential cyber-attack and educated on how they can avoid them, is key to enforcing a smarter working approach towards cyber safety.
Another way to protect your business is through cyber insurance. Taking out the correct policy can protect your business against any unexpected costs or damage that may occur as a result of a cyber breach.
Cyber insurance can help ensure your business can stay up and running in the event of a cyber-attack. Being insured means you’ll have the legal and technical support from experts within the field when you need it – most policies come with 24/7 breach response team, so you can react quickly to a suspected cyber-attack.