Businesses suffer huge losses when a cyber attack occurs. In addition, the safety and trustworthiness of the company are called into question, and customers feel unsafe making any transaction with it, which ultimately results in its downfall. Cyber criminals often rely on human error. For instance, an organization with 100 employees has 100 vulnerabilities, because the people working there knowingly or unknowingly put the network at risk. Examples include employees failing to install software patches, clicking on malicious links that give attackers access, or downloading malicious attachments. From top management to the newest employees, cyber security requires strict vigilance from every employee to keep confidential data safe and secure.
As March 2017 marks the 13th anniversary of Fraud Prevention Month, let us look at four ways to be cyber secure at work and prevent data breaches that put the organization's safety and integrity at risk.
1) Passwords
Passwords are widely considered one of the weakest links in cybersecurity. From the devastating Yahoo breach, which impacted more than 500 million individuals, to the recent ABTA hacks, a closer examination reveals a common link: accounts secured with weak passwords. It is surprising that a majority of people habitually choose simple passwords such as "12345", "Admin", "Letmein", or a name followed by 123. Employees feel that a simple password is easier to memorize, but they forget that it is just as simple for hackers to guess.
A weak password definitely plays a significant role in data breaches, but replacing it with a strong password that is hard to guess can help protect sensitive data. Besides, it is essential to change the password every three months and to use password protection to lock confidential documents. This simple strategy can mitigate major risks and keep the infrastructure safe and secure.
2) Email Phishing
Employees often put the organization at risk by downloading e-mail attachments received from unknown senders. According to reports from Avecto, a global software security firm, more than 68% of employees have no concerns about downloading content or clicking on links received from an unknown sender. Besides, more than 90% of cyber attacks in 2016 happened as a result of spear-phishing emails.
To mitigate phishing attacks, employees should be aware of these threats and follow good cyber hygiene. Opening or downloading an email attachment received from an unknown sender is not recommended. It is also important to scan and double-check the message before you react. An employee can identify a phishing email by carefully scanning the content for spelling mistakes, grammar errors and odd-looking characters.
3) Social Engineering
Social engineering scams are among the toughest to mitigate completely, as there are no technical safeguards that protect the organization if an employee falls for this attack. The main objective of this scam could be highly technical, such as breaching the network to access sensitive data or files. Whatever the intention may be, social engineers build a relationship with an employee and trick them into leaking sensitive information.
To mitigate this type of attack, it is essential to educate employees. It is better to avoid giving out sensitive information over the phone or by mail unless the employee is fully satisfied that the caller is genuine. It is recommended to verify the identity of any caller requesting information. Under no circumstances is it advisable to share a password, no matter how urgent the request.
4) Mobile Devices
Employees often use their smartphones to share important files and access company information, but neglect to change the password or keep weak passwords. According to the Spotlight report, one in five organizations suffered a mobile security breach in 2016. Although most companies embrace bring-your-own-device (BYOD), they face risk from those devices on the corporate network if any of them installs malware or a trojan that can access the device's network connection.
A well-designed BYOD policy can help protect the company's network. Employees should be educated on device expectations, which helps the company monitor emails and documents that are being downloaded to employee-owned devices.
Cyber attacks have reached a new threshold. As the threat develops and cyber attacks become more sophisticated, implementing preventive measures and actions is extremely important. The key to success is a holistic approach. Cybersecurity is a serious problem for the entire business, not just the IT department. By working closely with the cybersecurity department, companies can turn their employees from a cybersecurity risk into a strength.