With a 1000% increase in the number of cyber-attacks on businesses in the last 18 months and over £4.6m lost to hacking last year, there is no doubt that cyber security is a major risk to UK business.
The problem is that many business leaders view cyber security as an IT function but, in reality, 60% of all cyber-attacks are carried out by people from the inside, either through malicious intent or human error and carelessness. And with major advances in cyber security tools and technology, hackers are continuing to switch their attention to those softer targets i.e. your employees.
The number of phishing attacks has increased by 350% since the Covid-19 outbreak. So even with all the latest firewall, encryption and anti-virus software in place, attacks like these will still slip through the net. So, how else can you prevent these types of risks?
Insider cyber threats involving staff and suppliers can be classified from careless to malicious intent and can fall anywhere in between. There is some good news though. If organisations adopt a top down approach to cyber security, involve all departments and focus on both the technical side and the people side of cyber tech (policies, monitoring, training, testing and governance) then cyber security can be vastly improved.
Here are five ways your organisation can reduce the threat and turn employees into your own cyber security army.
Security culture refers to the set of values, shared by everyone in an organisation, that determine how people are expected to think about and approach cyber security. Getting a cyber culture right will help develop a security conscious workforce and promote the desired security behaviours you want from your employees.
As we’ve mentioned above, it’s not just IT departments who are responsible for defending against cyber threats. Everyone needs to be involved, including your employees (senior leaders, managers, HR, IT, etc) and don’t forget about your suppliers.
Employees need clear guidelines to direct their digital behaviour and defined steps to follow in the event of compromised information or a cyber incident. They should know how and who to report an incident to, how to immediately change their passwords and how to utilise safer internet habits.
Promoting digital hygiene is a simple but crucial part of this. Your policy should include easy to follow password hygiene, multi-factor authentication and the use of a password manager to help protect and enforce good practice.
Be proactive with training! A survey by Centrify revealed that 77% of UK workers have admitted to not receiving any form of cyber-skills training.
Don’t wait for an incident before you re-set cyber expectations for employees. Set monthly training meetings, train all new personnel on new policies as they arrive and make training material available.
Take note of the weak links. A small but significant percentage of the employee population is made up of non-responders to awareness training exercises.
While these users may not intend to behave negligently, they’re among the riskiest members of the population since their behaviours can fit consistent patterns. Identify these individuals quickly and provide them with frequent reminders about the major cyber pitfalls.
And lastly – don’t be afraid to test your training is working using mock cyber-attacks.
‘In employees we trust’, but how does working from home and mobile access to company tools and the intranet affect an organisation’s cyber security?
Around 50% of employees around the world work from home at least 2.5 days a week and this figure has increased rapidly due to the coronavirus outbreak.
However, accessing sensitive business data remotely can cause cyber security risks, especially if accessed through non-secure networks or public WiFi.
What can you do about it? Develop an IT home working policy that covers everything – such as Bring Your Own Device (BYOD), the use of USBs, using public WiFi, usage of password ‘remember me’ boxes and physical laptop security.
Ensure that homeworkers’ settings are double-checked by your IT department. All homeworker devices should be properly protected and kept up to date with antivirus, web filtering, firewalls, device encryption and other preventative software.
With the tech industry lagging behind in skills levels, employing a younger generation of tech-savvy apprentices can help plug the skills gap as well raise awareness about cyber issues.
Both MI5 and GCHQ are now hiring Cyber Apprentices to fill their skills shortage. MI5 has also lowered the age of recruits to 18 to bring in a new generation of talent.
Investing your levy in cyber security apprentices offers a long term solution for cyber issues. It is a practical and cost-effective way to make sure you have the right talent, at the right time, to defend your organisation against cyber-attacks.
Amanda is a Digital and Cyber Security Trainer at escalla. As a leading tech and apprenticeship training provider, escalla is helping UK industries recruit and train the next the generation of cyber-security apprentices.