Five ways to make your employees your biggest cyber security asset
With research from Barracuda Networks showing that cyber criminals are cashing in on the Covid-19 crisis, reporting a 667% increase in email attacks since the end of February 2020, Sequel asked Digital and Cyber Security Trainer Amanda Fletcher for her top tips on how to transform employees from a security ‘risk’ to your biggest cyber security asset.
With a 1,000% increase in the number of cyber-attacks on businesses within 18 months and over £4.6m lost to hacking in 2019, there is no doubt that cyber security is a major risk to UK business.
The problem is that many business leaders view cyber security as an IT function but, in reality, 60% of all cyber-attacks are carried out by people from the inside, either through malicious intent or human error and carelessness. And with major advances in cyber security tools and technology, hackers are continuing to switch their attention to those softer targets i.e. your employees.
The number of phishing attacks has increased by 350% since the Covid-19 outbreak. So even with all the latest firewall, encryption and anti-virus software in place, attacks like these will still slip through the net. So, how else can you prevent these types of risks?
Insider cyber threats involving staff and suppliers range from careless to malicious in intent, and can fall anywhere in between. There is some good news, though. If organisations adopt a top-down approach to cyber security, involve all departments and focus on both the technical side and the people side of cyber tech (policies, monitoring, training, testing and governance), then cyber security can be vastly improved.
Here are five ways your organisation can reduce the threat and turn employees into your own cyber security army.
1 Focus on company culture: Unite departments to embrace a collaborative approach to cyber security
Security culture refers to the set of values, shared by everyone in an organisation, that determine how people are expected to think about and approach cyber security. Getting a cyber culture right will help develop a security conscious workforce and promote the desired security behaviours you want from your employees.
As we’ve mentioned above, it’s not just IT departments who are responsible for defending against cyber threats. Everyone needs to be involved, including your employees (senior leaders, managers, HR, IT, etc) and don’t forget about your suppliers.
2 Create a robust cyber security policy
Employees need clear guidelines to direct their digital behaviour and defined steps to follow in the event of compromised information or a cyber incident. They should know how and to whom to report an incident, how to immediately change their passwords and how to adopt safer internet habits.
Promoting digital hygiene is a simple but crucial part of this. Your policy should include easy-to-follow password hygiene, multi-factor authentication and the use of a password manager to help protect and enforce good practice.
3 Train employees to deal with cyber threats
Be proactive with training! A survey by Centrify revealed that 77% of UK workers have admitted to not receiving any form of cyber-skills training.
Don’t wait for an incident before you reset cyber expectations for employees. Set monthly training meetings, train all new personnel on new policies as they arrive and make training material available.
Take note of the weak links. A small but significant percentage of the employee population is made up of non-responders to awareness training exercises.
While these users may not intend to behave negligently, they’re among the riskiest members of the population since their behaviours can fit consistent patterns. Identify these individuals quickly and provide them with frequent reminders about the major cyber pitfalls.
And lastly – don’t be afraid to test that your training is working using mock cyber-attacks.
4 Beware of the hazards of homeworking
‘In employees we trust’, but how does working from home and mobile access to company tools and the intranet affect an organisation’s cyber security?
The amount of time employees work from home has increased dramatically in recent years, causing potential cyber security risks, especially if company tools are accessed through non-secure networks or public WiFi.
What can you do about it? Develop an IT home working policy that covers everything – such as Bring Your Own Device (BYOD), the use of USBs, using public WiFi, usage of password ‘remember me’ boxes and physical laptop security.
Ensure that homeworkers’ settings are double-checked by your IT department. All homeworker devices should be properly protected and kept up to date with antivirus, web filtering, firewalls, device encryption and other preventative software.
5 Employ apprentices to increase skills & awareness
With the tech industry lagging behind in skills levels, employing a younger generation of tech-savvy apprentices can help plug the skills gap as well as raise awareness about cyber issues.
Both MI5 and GCHQ are now hiring Cyber Apprentices to fill their skills shortage. MI5 has also lowered the age of recruits to 18 to bring in a new generation of talent.
Investing your levy in cyber security apprentices offers a long-term solution for cyber issues. It is a practical and cost-effective way to make sure you have the right talent, at the right time, to defend your organisation against cyber-attacks.
About Amanda Fletcher:
Amanda is a Digital and Cyber Security Trainer at escalla. As a leading tech and apprenticeship training provider, escalla is helping UK industries recruit and train the next generation of cyber-security apprentices.