Ransomware. Malware. Viruses. It seems there is enough to worry about when using a computer to make you want to hide under the desk! However, I believe there is a better way to approach cybersecurity. To put things into perspective, Eddie Schwartz, chair of ISACA’s Cyber Security Advisory Council, had this to say on the topic of security in the workplace.
“If we look at security breaches over the last five to seven years, it’s pretty clear that people, whether it’s through accidental or intentional introduction of malware, represent the single most important point of failure in terms of security vulnerabilities.”
It’s pretty alarming to think that the greatest security risk in a company is actually the humans running the show. However, there is some sense to it all. Social engineering has become a huge problem, which means that being a successful hacker isn’t always about being good with computers and technology, but simply about exploiting someone using psychological tricks. I’ve received many phishing calls and read dozens of scam emails, so I know that this is a recurring problem for many of us today.
So, come out from under the desk and read this advice on making sure employees are up to date with security concerns in the workplace.
Execute replica scams
What better way to test the mettle of your employees than by simulating a phishing attack? There are various companies across the world, such as PhishLabs, Wombat, and IronScales, whose job it is to set up fake phishing scenarios unbeknownst to the employees (like emails and calls) to see who actually falls for the scam and who gets suspicious. This is a useful tactic, as it’s hard to know what phishing is actually like until it happens to you directly.
Use complex passwords
Amazingly, I’ve heard about employees using the simplest passwords known to mankind for protecting all their precious data. Passwords like ‘123456’, ‘password’ (yes, actually the word) and ‘qwerty’ are all very common in the workplace and even the home. Hackers have very sophisticated methods and means to get into accounts, which means algorithms are often run to crack passwords. Not surprisingly, easy passwords like those above will be discovered in milliseconds. A complex password, by contrast, will take a very long time to crack – time that hackers usually aren’t willing to spend.
Top tips for strong passwords:
- 12 characters or more
- Combination of uppercase and lowercase letters
- Special symbols like ! ? &
- Nothing related to you, e.g. your child’s name, favorite sports team, last name, etc.
Password managers like KeePass or Dashlane are also a great idea, as these programs can help you keep track of all the passwords for every different account. As I know that it’s hard to recall all our passwords, it’s useful to have software which remembers them all.
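The tips listed above can be turned into an automated check. The following is an added example, not code from the original article: the function names, the substitution table, and the sample personal terms are all assumptions made for illustration. It also catches personal terms hidden behind simple character swaps such as "3" for "e".

```python
import string

# The three weak passwords named in the article; a real deployment would
# load a much larger breached-password list (assumption, not from the article).
COMMON_PASSWORDS = {"123456", "password", "qwerty"}

# Common character substitutions undone before looking for personal terms.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(text):
    """Lowercase, undo simple substitutions, and keep letters only."""
    mapped = text.lower().translate(LEET)
    return "".join(ch for ch in mapped if ch.isalpha())


def check_password(password, personal_terms=()):
    """Return the list of tips the password violates (empty list = passes)."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("is a well-known common password")
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if not (any(c.isupper() for c in password)
            and any(c.islower() for c in password)):
        problems.append("needs both uppercase and lowercase letters")
    if not any(c in string.punctuation for c in password):
        problems.append("needs a special symbol such as ! ? &")
    flattened = normalize(password)
    for term in personal_terms:
        key = normalize(term)
        # Ignore very short terms to avoid flagging accidental matches.
        if len(key) >= 3 and key in flattened:
            problems.append(f"contains personal term {term!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample data: a fictional employee's personal terms.
    terms = ["Emma", "Tigers", "Lindqvist"]
    for candidate in ["qwerty", "3mm@Tigers2019!", "Vq7?rN&2wPz!eK4d"]:
        issues = check_password(candidate, terms)
        print(f"{candidate!r}: {'OK' if not issues else '; '.join(issues)}")
```

The second sample password meets the length, case, and symbol tips yet is still rejected, because it is built from a child's name and a sports team.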
Train from day one and offer continuous teaching
As has been discussed before concerning security in the workplace, keeping your employees happy, motivated, up to date, and vigilant without using scare tactics is incredibly important for all involved. Getting everyone on the same page from day one will hopefully reduce the risk down the line. After all, prevention is better than cure. Inform all new employees about what’s expected of them with regard to keeping data safe, but also tell them about the practices used to gain that precious data (like the social engineering methods).
Furthermore, as hacking methods evolve, so too should your training. Cybersecurity will never be stagnant, so reminders and updates for employees must be given constantly. New types of scams appear all the time, and all employees from top to bottom need to hear about them.
Don’t let your employees be the weakest part of your security; make them the strongest.