Tag Archive for: cybersecurity

Welcome to this fourth article in our useful Employer Series: Exploring People Management in the Digital Era. Cybersecurity is one of the greatest concerns for businesses. In our last article, we looked at ways employers can make the workplace more secure.

 

One of those ways is by ensuring all employees follow a unified cybersecurity policy. In this article, we’re going to look more carefully at actions that will help you support your teams to be more secure, mitigate digital vulnerability, and avoid cyberattack.

Your employees are your partners in cybersecurity. Their actions have a huge impact on the security of your organization, from how they react to a single phishing email to how often they change their passwords. These five tips will help you implement cybersecurity workforce solutions that support your efforts to keep your business secure and your employees educated and empowered.

1. Educate Employees on Phishing

Cybercriminals use spoof emails and email addresses to gather information or to send malware onto a company network. Training employees on how to recognize phishing emails is a key step in preventing problems such as ransomware or data loss. Your employees should know never to click on a link from an email, never to open an attachment they’re unsure of, to always scan attachments, and to always check the actual email address the email has come from. Other red flags to look out for are obvious spelling errors, emails not in a company-accepted format, or a “company-wide” email only sent to one or two people.

2. Treat all Employees Equally

When it comes to cybersecurity, everyone needs to be in the loop. A single worker who ignores the policies in place could pose a massive risk to the organization. Yet according to the CSO Global Intelligence report, only 49% of companies insist that their remote workers adhere to company cybersecurity policies. That’s potentially 41% of all remote employees who could create easy ways for malicious actors to access the company network.

Cybersecurity workforce solutions are only as effective as their weakest link. Check that you have an accurate list of all employees and a record of whether or not they’ve received a copy of your latest company cybersecurity policy. It’s also critical to ensure they understand the policy and to address any gaps in understanding immediately.

3. Invest in Effective Employee Education

As we touched on in the last article, your employees are your greatest asset, which is why you should invest in them and help them reach their potential. On-the-job training is effective because it ensures employee attendance as opposed to training that they do on their own time, and it also boosts the morale of employees. It may even increase their loyalty to the company.

Dover’s founder, Sanquinetta Dover, says that “…employers who invest time and resources in their workforce will see returns in both the short-term and the long-term. Employee education isn’t just a tool for company success – it improves self-confidence and innovation within your teams.”

When you see gaps in cybersecurity awareness, don’t blame the individuals. Instead, try to assess how far the issue spreads within your company and work with an effective partner to create the right educational programs to bring your employees back up to speed and empower them to make the right choices to avoid cyberattacks.

4. Engage Directors and Managers With Cybersecurity Education

In addition to making sure all of your employees are included in your cybersecurity efforts, it’s also critical to involve your directors or other stakeholders in the development and implementation of cybersecurity policies. Ensuring you have support from the highest levels within your company means you should receive the funding and investment you require to get the education your teams need. Perhaps you could arrange a monthly or quarterly cybersecurity catch-up to discuss potential threats or review the impact of your current educational program.

If you are in the director’s seat yourself, work it the other way and ensure you have all your managers on board with rolling out the right education. Give examples of businesses that failed to update their cybersecurity policies, such as the Colonial Pipeline attack of May 2021, or the events at the water treatment plant in Florida. The Florida attack particularly highlights the impact a single employee can have, as it was just one vigilant worker who prevented a crisis – thanks to them having up-to-date cybersecurity awareness.

5. Training on Creating Effective Passwords

If you don’t have a password manager, you need to train your employees to understand the importance of effective passwords. The aforementioned Colonial Pipeline attack may have occurred due to a lapse in password standards, showing how critical it is to maintain security at every level. All employees should know not to use the same passwords for different systems or devices. They should also be aware of your company rules regarding passwords. If you don’t have any, it’s a great idea to write policies that encourage consistency and awareness.

Dover Training Institute knows that there are many challenges when it comes to training and educating teams on cybersecurity, particularly in industries where the threat is relatively new. That’s why we’re working on a new program covering cybersecurity workforce solutions that will provide the right resources for businesses looking to eliminate their digital vulnerabilities. Contact Dover Training Institute for further information.

Welcome to the third article in our Employer Series: People Management in the Digital Era. As we’ve already explored, identifying the cybersecurity risks to your company is a key step in protecting your business from cyberattacks. In addition to understanding the threats and your organization’s potential digital vulnerability, there are ways you can work more effectively to make your organization more secure. Employers need to engage their whole workforce and IT specialists to create a digitally secure workplace.

The FBI states that the annual cost of cybercrime has climbed above $3.5 billion, with attacks including ransomware that effectively shut companies down until they can either pay the bad actors or use cybersecurity experts to eliminate the threat. Microsoft reported a 35% increase in cyberattacks in the first half of 2020, and that number appears to be increasing exponentially. To avoid becoming part of these shocking statistics, here are five ways to boost cybersecurity in the workplace and mitigate the risks to your business.

1. Set Rules around Company versus Personal Devices

Ideally, your organization should only use devices set up by your IT specialists or managed service providers. They should all have specific security services, such as company-approved firewalls and anti-malware software. However, in a world where around 25% of people work remotely, that’s simply not possible. Add into that all your team members who are out on the road or who use their smartphones for work purposes, and that’s a lot of potential digital vulnerabilities.

Creating rules and restrictions around what devices you can use for company purposes can mitigate those risks. Consider allowing only company laptops and desktops to be connected to the company’s physical network. Remote laptops could use a virtual private network (VPN) for additional security. Additional devices such as flash drives should be avoided to minimize the risk of transferring dangerous data from one device onto the company network.

2. Implement Company Generated Passwords

Allowing your users to generate their own passwords for company systems is a major risk. Over half of Americans use the same password for multiple apps or systems. This means that a cybercriminal only has to hack one password to gain access to multiple levels of a company. Using a password manager is a simple way to avoid this. This piece of software integrates with your company systems to create complex passwords that are always unique. Consider implementing a rule that all passwords must be changed every few weeks to keep even determined cybercriminals on their toes.

3. Set up Two Factor Authentication

For any particularly vulnerable systems or ones that carry sensitive data, consider setting up two-factor authentication, also known as 2FA. This means that as well as entering a password, the user will need to follow a prompt either via a digital app, a message, or an email. Normally the system sends a code to the relevant 2FA device, and the user then has to enter that code into the company system before they can progress further. As cybercriminals rarely have access to both the system and the user’s personal email or phone, this is a much more effective way of ensuring a secure system. Multi-factor authentication or MFA is an even more complex version of this, and could be utilized for extremely sensitive systems or storage.

4. Test Your Security

Sometimes the only way to understand the digital vulnerability of your company is by testing it. You can do this by sending fake phishing emails to members of your team and seeing how many responses or click-throughs they receive. This is not about picking on individuals, of course, but a way to understand how effective company-wide cybersecurity training is. You could also liaise with cybersecurity experts to stage a simulated security attack and assess your team’s response efforts. Understanding how your company responds to a serious cyberattack could help you direct the training and education you need to boost your teams’ awareness and readiness.

5. Set Cybersecurity Policies at an Organizational Level

Ideally, all businesses should have a cybersecurity policy or set of policies in place. All employees should agree to these policies, and be fully trained in carrying them out. This is one of the most critical aspects, if not the most critical, of protecting your company from cyberattacks. Dover Solutions founder Sanquinetta Dover states, “Your people are your best asset. Make sure they know that each of them has a vital role to play in your cybersecurity strategy. Employees whose contributions are valued better understand the impact their actions have on your company as a whole.”

This is true of all company-wide policies, but especially cybersecurity. If every member of your team is diligent and aware, then your company naturally becomes more digitally secure.

In our next article, we’ll be looking at exactly how to raise cybersecurity awareness among your employees, and what practices your whole team should be employing to minimize digital vulnerability. For more information on cybersecurity for businesses or other aspects of people management, contact Dover Training Institute.

Today’s technological advances and unique customer needs are continuing to drive businesses towards a much-needed and exciting digital transformation. But along with that transformation come vulnerabilities to a company’s cybersecurity.


 

This is the first in a series of articles under the theme People Management in the Digital Era. The series aims to help employers create a workplace and train a workforce that’s equipped to capitalize on the advantages of digital transformation without falling prey to the risks that accompany it — namely, cyberattacks.