Cyber security - a growing threat


Not a day goes by without a story concerning cyber security, from phishing attacks against individuals and corporations to hacks of accounts and networks. This is a situation unlikely to change in the near future.

And the cost is not just measured in monetary terms. The theft of data or just the knowledge a system has been breached can cause tremendous reputational damage for the organisation concerned, which may outweigh the value of the theft at the time.

Defending against an attack is not simple and no one measure taken in isolation will ward off determined criminals. It is not just the infrastructure, network and apps that pose a risk, although they take most of the focus and seem easiest to control and secure.

Organisations go to great lengths to secure their systems, but the modern criminal knows the weakest point is typically the individuals using the system and how they access it, not the system itself.

Awareness and Training

Although employees may read news stories about phishing, hacking, ransomware, viruses and identity theft, until it happens to them, they will not pay too much attention to the detail. And that’s a big advantage for the criminals.

It is important therefore to train everyone to be aware of the threats and understand how to reduce the risks of a serious security breach, from top to bottom, at all levels, regardless of their access to the system or their seniority. No one is immune to attack.

Practical Steps

The focus of any training should include cyber security best practice, which will not only highlight the dangers but offer practical advice to help each individual take responsibility for security within their organisation.

PC & Laptop Security

Most employees will have their own computer at work, or at least a personal log-on, and although most computers will automatically lock after a period of inactivity, it’s important each user locks their computer when they leave their desk.

This helps protect the system and the individual, who could be suspected of being a party to any security breach if it is their computer or log-on that is compromised.

In a similar vein, it is essential that users do not store private or sensitive information on the desktops of their computers, or in unsecured local folders, which might bypass security checks.

Users should be reminded that if they receive an alert relating to a virus, they should immediately report it to the IT manager, or to the IT helpdesk if support is outsourced. These warnings must not be ignored, and users must not attempt to resolve issues themselves without first ascertaining the authenticity of the message and the indicated solution.

It might seem obvious, but one of the easiest ways to protect computers and the system as a whole is to prevent users installing any software or applications that have not been specifically authorised. It can be tempting to add the latest must-have business app, or upgrade an existing version, but users should be reminded not to take any action without the IT department’s okay.

Any on-screen alerts should be read and understood, not ignored. Users again must be reminded that they must not click on alerts to get rid of them, but must notify whoever is guaranteeing the integrity of the system, whether that’s internal or a managed service provider.

Productivity concerns often lead to users leaving their computers on at night, so they’re ready to go the minute they walk in the following day. However, keeping the system secure will improve productivity, and that can be helped by everyone shutting down their computer at the end of the day. This ensures any updates are automatically installed and doesn’t allow hackers a quiet 17 or 18 hours’ access to a system endpoint.

