Johannesburg, 17 Oct 2018
Employees are often touted as one of the biggest threats to an organisation's IT security. However, Charl Ueckermann, CEO at AVeS Cyber Security, says they can actually act as a powerful defence against cyber security threats.
"Educating employees on cyber threats and how to use IT resources and the Internet securely can help lower security risks, as well as the costs associated with managing those risks. Use International Cyber Security Awareness Month (October) to make your employees active warriors against cyber threats, which can impact them personally as well as the business."
Ueckermann says employees can unknowingly expose company networks and data to cyber threats in a number of ways. For instance, by downloading files from unsafe sources, using infected peripheral devices such as USBs and tablets, using unauthorised applications from the Internet, accessing unsafe Web sites, responding to phishing e-mails, clicking on unsafe links in e-mails and even by giving out their personal details or company information on social media. These actions pose a danger not only to the company network, but to the end-users themselves. Aside from the risk of malware, they could open themselves up to the risk of fraud or identity theft.
But, when employees are aware of the risks associated with these actions, and they understand the dos and don'ts, they become contributors to the IT security strategy rather than a threat.
"Protecting an organisation's networks and data takes both technological and behavioural intervention. In fact, effective IT security is the result of managed interplay between people, processes and technology. Each component has the potential to impact the others. Yet the human element is often neglected by IT security strategies.
"Every person who has access to company systems and data plays an important role in lowering IT security-related risks. They also have the potential to impact the effectiveness of technologies and processes in place. With everyone aware and supporting the security strategy, it is possible to reduce IT security costs by a third while increasing the effectiveness of IT security technologies and processes. It's a win-win," says Ueckermann, adding that companies could consider making security education and awareness part of employees' KPIs.
He adds that when employees are more informed about potential cyber threats and are more conscious when using IT and Internet resources, it also empowers them to protect themselves while browsing, engaging and transacting online.
"It is the digital age, with people shopping, socialising, banking and doing business online. It really ups the enjoyment factor if you know you are doing these things safely and not putting yourself at risk. AVeS is a people business, and by the way, we do IT. Rather than clipping employees' wings, we guide companies to empower their employees to use technology safely and effectively for optimum productivity and end-user experiences."
He concludes with these tips for enjoying technology without fear:
1. Avoid connecting to open WiFi networks. Wait until you can connect to a secure WiFi network, especially if you are going to be doing anything sensitive such as banking or accessing your company network.
2. Choose strong passwords for your online accounts, including social media accounts and especially your online banking. Use a complex password that mixes numbers, letters and characters.
3. Don't use your company email address when signing up for a social media account. If the social media account is hacked, you could inadvertently expose other business information linked to your business e-mail.
4. Make purchases using trusted online sites. Only submit credit card details on sites that supply encrypted and secure connections. Look in the address bar for https rather than http. The "s" stands for secure. Secure sites may also have a padlock icon in the address bar.
5. Be careful what you download from the Internet, because you could inadvertently download malware onto your phone or computer. If a site or app looks suspicious, do not download it. You can also try Googling the name of the app to see if any warnings come up.
6. Be careful about what you post online. Do not give away any information that could help a cyber criminal identify who you are, where you work, where you live or any other personal details.
7. Do not share your contact details, banking information or any other personal information with anyone you do not know.
8. Don't click on links in e-mails or open attachments in unsolicited e-mails from people you do not know.
9. Keep your anti-virus software on your computer and mobile devices up to date.
10. Take heed of your company's security policies around the use of e-mail and IT resources. These are in place to protect you as well as the company. You have a role to play in lowering IT security risks.
Share