An Employer’s Guide to Boosting Cybersecurity in the Workplace
Welcome to the third article in our Employer Series: People Management in the Digital Era. As we’ve already explored, identifying the cybersecurity risks to your company is a key step in protecting your business from cyberattacks. In addition to understanding the threats and your organization’s potential digital vulnerability, there are ways you can work more effectively to make your organization more secure. Employers need to engage their whole workforce and IT specialists to create a digitally secure workplace.
The FBI states that the annual cost of cybercrime has climbed above $3.5 billion, with attacks including ransomware that effectively shut companies down until they can either pay the bad actors or use cybersecurity experts to eliminate the threat. Microsoft reported a 35% increase in cyberattacks in the first half of 2020, and that number appears to be increasing exponentially. To avoid becoming part of these shocking statistics, here are five ways to boost cybersecurity in the workplace and mitigate the risks to your business.
1. Set Rules around Company versus Personal Devices
Ideally, your organization should only use devices set up by your IT specialists or managed service providers. They should all have specific security services, such as company-approved firewalls and anti-malware software. However, in a world where around 25% of people work remotely, that’s simply not possible. Add to that all your team members who are out on the road or who use their smartphones for work purposes, and that’s a lot of potential digital vulnerabilities.
Creating rules and restrictions around which devices can be used for company purposes can mitigate those risks. Consider allowing only company laptops and desktops to be connected to the company’s physical network. Remote laptops could use a virtual private network (VPN) for additional security. Additional devices such as flash drives should be avoided to minimize the risk of transferring dangerous data from one device onto the company network.
2. Implement Company-Generated Passwords
Allowing your users to generate their own passwords for company systems is a major risk. Over half of Americans use the same password for multiple apps or systems. This means that a cybercriminal only has to hack one password to gain access to multiple levels of a company. Using a password manager is a simple way to avoid this. This piece of software integrates with your company systems to create complex passwords that are always unique. Consider implementing a rule that all passwords must be changed every few weeks to keep even determined cybercriminals on their toes.
3. Set Up Two-Factor Authentication
For any particularly vulnerable systems or ones that carry sensitive data, consider setting up two-factor authentication, also known as 2FA. This means that as well as entering a password, the user will need to follow a prompt either via a digital app, a message, or an email. Normally the system sends a code to the relevant 2FA device, and the user then has to enter that code into the company system before they can progress further. As cybercriminals rarely have access to both the system and the user’s personal email or phone, this is a much more effective way of ensuring a secure system. Multi-factor authentication, or MFA, is an even more complex version of this, and could be utilized for extremely sensitive systems or storage.
4. Test Your Security
Sometimes the only way to understand the digital vulnerability of your company is by testing it. You can do this by sending fake phishing emails to members of your team and seeing how many responses or click-throughs they receive. This is not about picking on individuals, of course, but a way to understand how effective company-wide cybersecurity training is. You could also liaise with cybersecurity experts to stage a simulated security attack and assess your team’s response efforts. Understanding how your company responds to a serious cyberattack could help you direct the training and education you need to boost your teams’ awareness and readiness.
5. Set Cybersecurity Policies at an Organizational Level
Ideally, all businesses should have a cybersecurity policy or set of policies in place. All employees should agree to these policies, and be fully trained in carrying them out. This is one of the most critical aspects, if not the most critical aspect, of protecting your company from cyberattacks. Dover Solutions founder Sanquinetta Dover states, “Your people are your best asset. Make sure they know that each of them has a vital role to play in your cybersecurity strategy. Employees whose contributions are valued better understand the impact their actions have on your company as a whole.”
This is true of all company-wide policies, but especially cybersecurity. If every member of your team is diligent and aware, then your company naturally becomes more digitally secure.
In our next article, we’ll be looking at exactly how to raise cybersecurity awareness among your employees, and what practices your whole team should be employing to minimize digital vulnerability. For more information on cybersecurity for businesses or other aspects of people management, contact Dover Training Institute.