Back at work now and Christmas feels like it is so last year. But cyber-risks never go on holiday. Our workplaces are a battleground when it comes to cybersecurity. Here we take a look at our top 5 cyber-risks and how they impact your work. We will also give you some ideas for de-risking your cyber-risk.
When Cyber-Risk Becomes Security Risk
These are just five of the possible areas where cyber-risk rears its ugly head. There are, of course, many more. You will find as you go through them that they ring a familiar bell. The methods we suggest for reducing cyber-risk should also go some way to cutting security risks across all parts of your business.
Accidents do happen
Have you ever clicked the email send button and then looked at the screen in horror as you realise you’ve sent it to the wrong person? To err is human, so they say. Data exposure does not always have to come down to some external cybercriminal. It can be a simple accident, such as leaving a laptop on a train or having a laptop stolen. One of the first UK data protection fines was against a Sheffield company. An employee had taken a laptop home to work on. His house was burgled, and the laptop was stolen. It contained the unencrypted personal data of 24,000 people.
To help cut your cyber-risk:
- Teach employees about cyber-risk and use security awareness training to help prevent accidental data leaks.
- Provide the right security tools to help prevent data exposure. This includes robust login credentials (that is, strong passwords and second factors, like SMS texts), encryption, and data leak prevention solutions.
Messy desks: a not-so-tidy cybersecurity risk
A clean desk policy is about stopping security breaches by being tidy. A simple act, like ensuring that paper notes, USB fobs, and other items are tidied away at the end of the day, can prevent security breaches. It also helps if you need to meet ISO 27001 compliance, as it is a basic principle of the standard.
To help cut your cyber-risk:
- Create a policy around clean desk actions.
- Add this policy to a security awareness training package to ensure a full understanding of the implications.
Something smells phishy
Phishing is a major cyber-risk for any organization. The UK’s Cyber Security Breaches Survey for 2019 found that phishing is still the top technique used to steal data. The survey pulls out some of the respondents’ experiences of phishing, one of which states:
“Thinking of the phishing emails, they are going to get harder to spot. They are getting better at doing them. They are getting more and more sophisticated.”
To help cut your cyber-risk:
- Teach your employees how to spot the tell-tale signs of phishing. A security awareness training program will take them through the variety of phishing types.
- Create a program of phishing simulation exercises to test your employees’ responses to phishing emails.
- Use a spam filter. However, cybercriminals are always finding ways to circumvent this type of solution, so always back up technology with employee knowledge.
Not so mobile security
Around 67% of employees use mobile devices at work, often without consent. Cybercriminals are aware of this, and mobile devices are therefore increasingly being used for phishing purposes. The mobile device is now the scammer’s favourite. It provides an all-in-one platform to target, both with phishing via SMS texts (SMShing) and with malware-laden apps. The mobile landscape at work provides many opportunities for stolen login credentials and data breaches.
To help cut your cyber-risk:
- Have a security policy that has a strong mobile usage clause with advisories for employees on app downloads, etc.
- Use a robust least privilege model of IT resource access – this can prevent accidental access to sensitive resources from a mobile device that may be infected with malware.
- Teach your employees about the dangers of mobile malware and SMShing.
An inside job
Insider threats are a difficult cybersecurity risk to fix. They are also a present danger, as found by a Computer Associates survey, which reported that 53% of organizations were impacted by an insider threat. Insider threats come in many shapes and sizes, both accidental and malicious.
To help cut your cyber-risk:
- Create a culture of security through security awareness training.
- Know your data, who is allowed to access it, from where, and when.
- Use data leak prevention (DLP) tools – some types of DLP include behavioural auditing and can alert when unusual events occur.
- Use a system of least privilege for access to company resources.
- If you do find a malicious insider, try to understand why, and attempt to alleviate the cause, if possible.
Why Security Awareness is a General Security Fix
Cyber-risk ultimately comes down to managing that risk. One key method used to manage many of the cyber-risks at work is knowledge and understanding. Training employees about risks and how to minimise them goes a long way to protecting your company against cybersecurity threats. Security awareness training, when done in a fun and interactive way, is a fundamental way for you to take cyber-risks and shred them.