This year, we have seen some of the most high-profile victims of cybercrime
across the world, including the NHS in the UK, and the attack on Equifax that impacted millions of people in several countries.
The damage has not only cost companies money, it has also hit their reputations
hard. Yet despite the impending threats, and as cyberattacks only become more
commonplace and grow in severity and scale, it’s worrying that a significant
number of companies feel unprepared to deal with such an attack.
While cybersecurity can be a large – and sometimes
overwhelming – investment in both time and money, it is the “new normal in what
companies need to do in order to protect themselves” as Stephen Cobb, Senior
Security Researcher at ESET, has commented. And training for staff needs to be
a big part of this “new normal”, especially when you consider that 55% of
employees in UK organisations have had no recent cybersecurity training.
October, being European Cyber Security Month,
might be the ideal time for companies to get over the fear of the word ‘cyber’
and tackle the issues head-on. Cybersecurity is everyone’s responsibility and
organisations need to train staff to ensure they have a more empowered and
security-savvy workforce.
Here are our top tips for all organisations to consider:
Know your enemy
For the workforce to protect itself against a wide
range of threats, it first needs to know the enemy. Information about the most
common threats like malware, phishing, ransomware and social engineering, as
well as how they all operate, could help employees understand the
problem and be less susceptible.
Consider password safety
Frustration over creating and remembering passwords
means the vast majority of people use the same password for everything. It’s
not just using the same password for every account, but using the same password
as everyone else. The types of prompts users receive when creating passwords
don’t help, and often mean people use easy and insecure passwords.
“The way we create passwords is becoming more
streamlined – administrators will leave out any measures that put a burden on
users but don’t significantly improve their security,” said Tony Anscombe,
Global Security Evangelist at ESET. Helping employees to understand what makes
a password more secure, and ensuring colleagues adhere to password best
practice, will protect the network within which they operate.
Think before you click
This is one of the most underestimated threats – a
form of psychological manipulation where cybercriminals trick people into
handing over personal and sensitive information, usually through deceptive and
fraudulent means.
Here is one of the most common phishing scenarios:
you receive an email that appears to be from your bank or PayPal. It asks you
politely to check the settings of your account and, via the included link,
provide your credentials and further information. But it is not your bank or
PayPal that will receive your personal details – it will be the cybercriminals
behind this attack.
An astonishing 96,000 attempted attacks occur every year in the UK. Any
‘weird’ email that your best friend, boss or even ‘bank’ sends you can be
verified with a quick call or text to the apparent sender.
Remember that security is everyone’s responsibility
Every piece of awareness and information needs to
be matched to actions for employees, regardless of department or level within
the company. The C-suite, especially, needs to adhere to the rules, as they are
often the juiciest target for cybercriminals. Making colleagues realise how
their actions can be detrimental for the entire company, and spelling out how
simple steps can keep everyone protected, will create a sense
of collective responsibility and help build collective security.
While companies need to wake up to the threats from
hackers, becoming cyber-resilient is a straightforward process. Realising that
remaining secure is everyone’s responsibility means training staff in even the
most basic skills should be a top priority, and European Cyber Security Month
is an opportune moment to develop a more empowered and upskilled workforce.