Technology is becoming more and more important to - and integrated in - our lives, leading to us become increasingly dependent on it. It may make life easier, but it also leaves us vulnerable to risk. Because of this, cyber security is top priority and affects our daily/working lives greatly.
Breaches in cyber security can be catastrophic for organisations and their employees or client base. It can determine the success – even survival – of an organisation due to the increased fines introduced by the GDPR in 2018, not to mention the impact a cyber-breach could have on a business's reputation. The severity of these implications means that cyber security is something organisation's really can't ignore and why education and awareness training for employees is necessary for all organisations.
Common Security Issues:
A lack of awareness about cyber security measures is one of the top reasons why so many organisations suffer data breaches. Lack of knowledge leading to low confidence levels mean that many breaches are caused by seemingly innocuous errors that even basic cyber-security training could help mitigate. We explore some common threats and their impact upon your organisation below:
Using Email and Internet Securely
When it comes to cyber security, it's worth remembering that there's no such thing as 'just common sense'. It may seem obvious to one person what, for example, the rules are for creating a secure password. However, to another, this won't be so clear or seem all that important.
This is why it's imperative to maintain regular awareness training on safe internet and email use. Hackers target company emails in the hopes that one employee in possibly hundreds will be distracted enough to download an infected attachment or fall for a Phishing scam.
Other common risks include visiting unsecured websites which may infect your system with Malware like Trojan Horses, or downloading software disguised to look legitimate. Remember, it only takes one employee to click the wrong link for your entire network to become compromised.
Today we are inundated with software and platforms requiring passwords; think social media accounts, online banking, mobile phone PINs, and email accounts. It may seem like a hassle to have so much password protection, but these protocols exist as the first line in defence against cyber criminals and hackers.
Shockingly, the most common password is '123456', closely followed (ironically, considering its weakness) by 'password'. These findings, alongside the fact that 73% of people re-use the same password across all their accounts, means that thousands of people are still leaving themselves worryingly vulnerable to hackers.
Creating a strong password policy is key when it comes to helping users safeguard the critical systems and software they rely on every day. Whilst adding more complexity (e.g. by requiring longer, more secure passwords, or by changing passwords frequently) can seem like an inconvenience, the requirements of and reasons for your organisation's password policy should be made clear to employees from the outset.
Our addiction to technology continues with the ever-rising popularity of social media (there's research suggesting that some people access eight different social media accounts at any one time!). However, our informal approach to social media means we don't generally see information we post on our profiles as all that private, or even valuable in some case; instead it's just a fun way to share experiences and fun-things with friends. However, this relaxed state of mind makes it very easy for cybercriminals to target social media users, as we tend to have our guard down whilst accessing the platforms.
Similarly to malicious links or attachments sent via email, a download disguised as an interesting link or Direct Message on social media could be a way for hackers to infiltrate systems and steal valuable data. Cyber criminals are aware that employees accessing social media, say, in their lunchbreak, are more likely to engage in risky behaviours – that's why it's so important to ensure a clear social media policy is in place at work and to train employees on best practice for using social media. Remember, just because social media tends to be for personal use, it's nonetheless something that can affect the workplace.
A Compliance Culture
One of the biggest effects cyber security has on us is the role it plays inside developing and maintaining a compliance culture. A compliance culture embeds awareness training and risk mitigation (like the examples discussed above) into our everyday work practices, setting the standard for good conduct throughout the entire organisation.
By focusing employee behaviours on best practice and ways to maintain cyber security (rather than viewing training as just a box ticking exercise), organisations will find that meeting regulatory obligations is just the beginning, a foundation that sets the tone for behavioural change.