According to some estimates, global cybercrime costs will reach $10.5 trillion by 2025, an annual growth of 15%. Cybercriminals are not just after government institutions and large companies; they have also found a valuable target in small businesses. According to Purples, a cybersecurity firm, 43% of the cyberattacks in 2021 targeted small and medium enterprises.
Among the factors contributing to these data breaches, 48% were because of an employee’s or contractor’s negligence. A social engineering attack may target an employee, leading them to unknowingly respond to a malicious email or fall victim to other malware attacks. So, although employees are the biggest asset of a company, they also form its largest security vulnerability.
Training and educating employees on information and computer security is key to reducing this security vulnerability. Read on for the best tips employers can use to elevate security in their workplace.
Using Multifactor Authentication
When you put more barriers in place, attackers will find it more difficult to infiltrate your company’s data infrastructure. That is the idea behind multi-factor authentication (MFA). In multi-factor authentication, several independent credentials are combined. These may be something the user knows (such as a password), something the user has (for instance, a security token), and something the user is (biometrics such as a retinal scan).
Multi-factor authentication forms a layered defence, making it increasingly difficult for cybercriminals to infiltrate targets like network infrastructure, databases, and your computing infrastructure. If one factor gets broken or compromised, the attacker will still have to break the next before infiltrating the target successfully. You should ensure that the platforms at your workplace use MFA as standard. Examples of MFA include entering a PIN and swiping an RFID card; being requested to enter an OTP when an employee logs onto your online platform; or scanning a fingerprint and swiping an RFID card, plus answering a preset security question.
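To show how the OTP factor mentioned above can be checked alongside a password, here is an added example (not part of the original article) of a time-based OTP per RFC 6238 using only the Python standard library. The function names, the one-step drift window, and the demo secret (the RFC's published test key) are assumptions for illustration.

```python
import hashlib
import hmac
import struct

# Constructed demo secret: the published RFC 6238 test key, never a real one.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """One-time code for a counter value (RFC 4226, HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """Time-based code: the counter is the number of 30-second steps."""
    return hotp(secret, int(now) // step, digits)


def verify_login(password_ok, code, secret, now, last_counter=-1, window=1, step=30):
    """Return the accepted time-step counter, or None to refuse the login.

    Both factors must pass. Store the returned counter per user and pass it
    back as last_counter so that a code cannot be replayed.
    """
    current = int(now) // step
    matched = None
    for counter in range(max(0, current - window), current + window + 1):
        expected = hotp(secret, counter)
        # Constant-time comparison; compare bytes so odd input cannot raise.
        if hmac.compare_digest(expected.encode(), str(code).encode()):
            matched = counter
    if not password_ok or matched is None or matched <= last_counter:
        return None
    return matched


if __name__ == "__main__":
    code = totp(DEMO_SECRET, 59)
    print(code, verify_login(True, code, DEMO_SECRET, now=59))
    print("replay:", verify_login(True, code, DEMO_SECRET, now=59, last_counter=1))
```

A correct code with a wrong password, a replayed code, and a code from outside the drift window are all refused, which is the layered behaviour the section describes.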
Phishing attacks are among the common cyber security threats facing employees and organisations. The attacker masquerades as an authoritative person or someone known to the employee, tricking them into clicking on malicious links. When the employee clicks on the link, they download a trojan horse that opens a port on your online platform.
Two-way (duplex) communication then follows, with the attacker able to send instructions to and receive results from your cyber infrastructure. They may install keyloggers and use the collected information to conduct account takeover (ATO) attacks.
Besides security training and awareness, you can use email and network policies to mitigate phishing risks. Encourage your employees to confirm the purported sender through other channels before they click on any links. Whitelist trusted email addresses to separate them from unknown ones.
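The whitelist idea above can be sketched as a mail-filter check; this is an added example, not from the original article. It separates trusted senders from unknown ones and flags messages whose display name borrows a trusted identity. The addresses, names and sample messages are constructed, and `classify_sender` is a hypothetical helper.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed allowlist: trusted address -> name staff know the sender by.
TRUSTED = {
    "ceo@example.com": "Dana Reyes",
    "payroll@example.com": "Payroll Team",
}

# Constructed sample messages (only the headers matter here).
SAMPLES = {
    "genuine": "From: Dana Reyes <ceo@example.com>\nSubject: Q3 plan\n\nHi all",
    "lookalike": "From: Dana Reyes <dana.reyes@mail.example.net>\n"
                 "Subject: Urgent invoice\n\nOpen the link",
    "addr_in_name": 'From: "ceo@example.com" <notice@example.org>\n'
                    "Subject: Reset\n\nClick here",
    "diverted": "From: Payroll Team <payroll@example.com>\n"
                "Reply-To: payroll@example.net\nSubject: Bank details\n\nReply",
    "stranger": "From: Weekly Digest <news@example.org>\nSubject: News\n\nHello",
}


def classify_sender(raw_message: str) -> str:
    """Return 'trusted', 'suspicious' or 'unknown' for one raw message.

    Assumes the mail gateway has already authenticated the From domain
    (SPF/DKIM/DMARC); on its own the From header can be forged.
    """
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    addr, reply_to, shown = addr.lower(), reply_to.lower(), display.lower()

    if addr in TRUSTED:
        # Trusted sender, but replies are steered to a different mailbox.
        return "suspicious" if reply_to and reply_to != addr else "trusted"
    # Unlisted address whose display name borrows a trusted name or address.
    for trusted_addr, name in TRUSTED.items():
        if name.lower() in shown or trusted_addr in shown:
            return "suspicious"
    return "unknown"


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:13} -> {classify_sender(raw)}")
```

Messages classed as suspicious or unknown are the ones where employees should confirm the sender through another channel before clicking anything.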
Not Using Public Wi-Fi
The cyber security of your workplace is only as good as your least informed employee. With the changing world of work, most employees are working from home. Others finish some company-related work in lodges. Cafes and restaurants have also become workspaces and meeting venues. Relying on the internet for communication in these places means connecting to public Wi-Fi. The issue with public Wi-Fi, whether at a restaurant, lodge, airport, or café, is that it is unsafe!
Malicious worms and other malware can move from device to device when they are connected to the same network. Sometimes there is no other option; if an employee must use public Wi-Fi, insist that they use a VPN (Virtual Private Network) to secure the connection. A VPN will encrypt their data where the hotspot does not.
If they send information over the network without encryption, an attacker can easily see what the employee has sent, exposing the company to attacks. Therefore, a VPN should be a must if your employees are using public Wi-Fi.
Using Password Managers and Strong Password Policies
Stronger passwords are essential for your network security to remain solid. However, some employees create passwords that are too short and weak because they are easy to remember. These passwords are also easy for an attacker to break or guess. Create a company-wide network policy to prevent this. The policy should require employees to create strong passwords by default.
For instance, ask employees to use a combination of letters (both upper and lower case), numbers, and symbols when creating a password. The password should also be lengthy, at least 10 characters, to prevent any chance of a brute force attack by hackers and ensure better security. Employees should also change their passwords regularly, and no two accounts should have a similar or identical password.
Complex and lengthier passwords are hard to recall. Encourage employees to use password managers to store their passwords. Password managers make tracking passwords easier while ensuring unauthorised users have no access to them.
Sensitive Data Handling
Financial details, customer information, and proprietary business information or secrets are all sensitive data. Sensitive data is anything that malicious attackers may use to hurt your company. When sensitive data is passed over the network in your organisation or anywhere else, ensure that it is encrypted and that only authorised personnel can access it.
To ensure sensitive data is handled properly, you can implement various network security policies relating to email forwarding and file sharing. Use the policies to block files and emails containing sensitive data from reaching or being accessed by unauthorised people. If you use cloud services in your business, ensure you include the cloud within your data handling policies.
Install the Latest Application Releases
How often do you install the latest software updates? The reminder windows can be annoying, but you should never ignore them. Software updates are a vital part of maintaining application security. They contain patches for recently discovered exploits and vulnerabilities.
Attackers know all the vulnerabilities and outdated services, and they use them to infiltrate cyber systems. A company must stay abreast of new releases and patches. Although most employees believe that software updates are optional, they are not. These updates are a vital part of your defence against zero-day attacks.
If your company uses legacy systems, upgrade to newer ones. Discontinued systems like Windows XP and unsupported ones like Windows 7 are a sweet target for these attackers. They also no longer receive patches, meaning their security can easily be compromised.
Ensuring the security of your databases, computers, and network infrastructure is a shared responsibility between employers and employees. An organisation’s IT network security rests on the best practices and policies of the IT security personnel and the employees. Imparting the above cyber security tips to your employees and ensuring they use them at your workplace is a step in the right direction.
However, these are only a few. Other practices include using firewalls, anti-malware, and anti-bot solutions. Keep following developments in cyber security to know how you can protect yourself from emerging threats like catfishing and ransomware attacks.