WannaCry: Cyber awareness training key to reducing cyber attack risk

Johannesburg, 02 Jun 2017

Cyber attacks are on the increase and it is becoming increasingly important for businesses to ensure that all staff, not just IT staff, are trained in cyber awareness so they are able to identify possible attacks on the business, says Mark Clarke, technology sensei at Jumping Bean.

When most business owners think about cyber attacks, they immediately think it is a technology problem. And while adequate IT security is critical to any business, the reality is that most cyber criminals will probably gain access to your business using phishing or social engineering techniques and not by hacking your firewall.

Cyber criminals are no different to any other criminals: they will always look for the weakest spot to gain entry into a business.

Cyber awareness training is essential for all levels of staff

In many cases this will be through phishing scams in which sensitive usernames, passwords and other login credentials are captured by disguising e-mails and Web sites as trusted communications. Staff who interact with these communications can easily have their credentials stolen. These are then used by the attacker to move deeper into the organisation.

Not all attacks are electronic, however, and staff need to be trained to avoid being compromised by social engineering techniques. In these cases attackers will impersonate someone in order to trick a staff member into handing over sensitive information. Social engineering is widely used because it is generally easier to trick a person into handing over sensitive information than to hack into their systems.

Phishing and social engineering techniques can be used against any member of staff, no matter how senior or junior, which is why staff need to be trained to be aware of the various forms these sorts of attacks may take. It takes just one compromised staff account to potentially open up the rest of your network to these criminals.

BYOD means employees need to be vigilant with their own personal computing habits

"There is also the added risk of users who either bring their own device to work or regularly take their laptops home," says Clarke. "While your business security systems may be high quality, that's not always the case for home networks. Staff that are connecting to either public networks or home networks need to be aware of the risks and be able to take additional precautions to avoid being compromised. A single compromised device brought into the organisation could be the opening a cyber criminal is looking for."

Training all levels of staff in the basics of security, from using anti-virus software, to identity theft, mobile security, social media security and e-mail security, is the best way to ensure that no doors are left open to potential attackers.

It's also important to be regularly monitoring users to ensure they are maintaining vigilance, says Clarke. "This could typically be done after their initial training by constructing fake phishing e-mails and monitoring which staff members engage with these. Those users can then have follow-up training."
