Welcome to this 7-week series on Cybersecurity Tips for your employees. In these series we will be covering off the following topics:
- Week 1: Introduction – The Need to Educate Employees on Cybersecurity
- Week 2: Physical Security Precautions
- Week 3: Email Threats
- Week 4: Username and Password Management
- Week 5: Mobile Security
- Week 6: Secure Website Browsing
- Week 7: The Value of an MSP in Ensuring Employee Cybersecurity
Hopefully by the end you have some tools and ideas on how to protect your business as well as how to leverage your IT Managed Services Provider to help you implement necessary long-term cybersecurity measures.
Introduction: The Need to Educate Employees on Cybersecurity
When developing cybersecurity programs, many businesses focus on protecting their infrastructure perimeter such as a router/firewall and end users’ devices. After all, that’s where you expect your typical cybercriminals to first gain access to your company and wreak havoc.
It is however important to consider what happens when a threat bypasses that perimeter defence and targets an employee directly; whether in the form of a malicious email or text, or even a voicemail that might prompt an employee to respond with confidential company information. There is also the possibility of an offline attack from inside the office, where an employee or an office visitor might gain access to valuable data by quickly taking something carelessly left on a desk.
According to a PricewaterhouseCoopers survey, in 2014, 69% of business executives expressed concern about cyber threats, including a lack of data security. In 2015, an updated survey increased that number to 86%. These numbers indicate that it’s clear there’s a pressing need for better cybersecurity. The issue is not going away anytime soon. If anything, it’s only getting worse.
Stronger cybersecurity has become a global priority over the last few years as hackers have successfully penetrated the IT infrastructure of government and enterprises with increasing frequency and sophistication. According to a recent report by 4 Corners and published on ABC, security firm Kaspersky released a report that revealed more than 70,000 computers around the world had been hacked, with their usernames and passwords put up for sale on the dark web. Coupled with the Internet of Things (IoT) and the explosive growth of mobile devices, the threat landscape and potential for data leaks is even more significant.
In this series, we will explore the need for employees to practice strict and secure cybersecurity habits; not only to thwart digital attacks, but also to prevent someone from simply walking by their desk (in the office or at home) and picking up a device or document that contains sensitive information. We also present the key steps SMB business owners can take to educate their employees to help secure their company’s data and intellectual property.
We can’t stress enough the importance of security awareness training for internal employees. Educating them on what it takes to protect proprietary documents and data is critical. Any leaks, unintentional and intentional, could hurt the business in the form of information that assists a competitor, violates regulations, or harms the corporate image. Leaks can also hurt employees from the standpoint of personal information that might be exposed. Lastly, customers and business partners could be at risk, compromising the industry reputation of any business that does not properly protect confidential information. It only takes one incident to completely destroy any goodwill you established and built with your customer base.
Stay tuned for next week’s’ chapter on Physical Security Precautions