This year, we have seen some of the most high-profile victims of cybercrime across the world, including the NHS in the UK, and the attack on Equifax that impacted millions of people in several countries. The damage has not only cost companies money, it has also hit their reputations hard. Yet with these threats impending, and as cybercriminals only become more commonplace and their attacks grow in severity and scale, it’s worrying that a significant number of companies feel unprepared to deal with such an attack.
While cybersecurity can be a large – and sometimes overwhelming – investment in both time and money, it’s the “new normal in what companies need to do in order to protect themselves”, as Stephen Cobb, Senior Security Researcher at ESET, has commented. And training for staff needs to be a big part of this “new normal”.
Cybersecurity is everyone’s responsibility and organisations need to train staff to ensure they have a more empowered and security-savvy workforce.
Here are our tips for all organisations to consider:
1) Know your enemy
For the workforce to protect itself against a wide range of threats, it first needs to know the enemy. Information about the most common threats like malware, phishing, ransomware and social engineering, as well as how they operate, could help employees understand the problem and be less susceptible.
2) Consider password safety
Frustration over creating and remembering passwords means the vast majority of people use the same password for everything. It’s not just using the same password for every account, but using the same password as everyone else. The types of prompts users receive when creating passwords don’t help, and often mean people use easy and insecure passwords.
3) Think before you click
This is one of the most underestimated threats – a form of psychological manipulation where cybercriminals trick people into handing over personal and sensitive information, usually through deceptive and fraudulent means.
Here is one of the most common phishing scenarios: you receive an email that appears to be from your bank. It politely asks you to check the settings of your account and, via the included link, provide your credentials and further information. But it’s not your bank that will receive your personal details – it will be the cybercriminals behind this attack.
4) Remember that security is everyone’s responsibility
Every piece of awareness and information needs to be matched to actions for employees, regardless of department or level within your company. The C-suite, especially, needs to adhere to the rules, as they are often the juiciest target for cybercriminals. Making colleagues realise how their actions can be detrimental for the entire company, and spelling out how simple steps can keep everyone protected, will create a sense of collective responsibility and help build collective security.
While companies need to wake up to threats from hackers, becoming cyber-resilient is a straightforward process. Realising that remaining secure is everyone’s responsibility means training staff in even the most basic skills should be a top priority.
By Stephen Cobb, Senior Security Researcher at ESET