This year, we have seen some of the most high-profile victims of cybercrime across the world, including the NHS in the UK, and the attack on Equifax that impacted millions of people in several countries. The damage has not only cost companies money, it has also hit their reputations hard. Yet despite the impending threats and, as cyberattacks only become more commonplace and grow in severity and scale, it's worrying that a significant number of companies feel unprepared to deal with such an attack.
While cybersecurity can be a large – and sometimes overwhelming – investment in both time and money, it is the “new normal in what companies need to do in order to protect themselves” as Stephen Cobb, Senior Security Researcher at ESET, has commented. And training for staff needs to be a big part of this “new normal”, especially when you consider that 55% of employees in UK organisations have had no recent cybersecurity training.
October, being European Cyber Security Month might be the ideal time for companies to get over the fear of the word ‘cyber’ and tackle the issues head-on. Cybersecurity is everyone’s responsibility and organisations need to train staff to ensure they have a more empowered and security-savvy workforce.
Here are our top tips for all organisations to consider
Know your enemy
For the workforce to protect itself against a wide range of threats, it first needs to know the enemy. Information about the most common threats like malware, phishing, ransomware and social engineering, as well as how they all operate, could help allow employees to understand the problem and help them be less susceptible.
Consider password safety
Frustration over creating and remembering passwords means the vast majority of people use the same password for everything. It’s not just using the same password for every account, but using the same password as everyone else. The types of prompts users receive when creating passwords don’t help, and often mean people use easy and insecure passwords.
“The way we create passwords is becoming more streamlined – administrators will leave out any measures that put a burden on users but don’t significantly improve their security,” said Tony Anscombe, Global Security Evangelist at ESET. Helping employees to understand what makes a password more secure, and ensuring colleagues adhere to password best practice, will protect the network within which they operate.
Think before you click
This is one of the most underestimated threats – a form of psychological manipulation where cybercriminals trick people into handing over personal and sensitive information, usually through deceptive and fraudulent means.
Here is one of the most common phishing scenarios: you receive an email that appears to be from your bank or PayPal. It asks you politely to check the settings of your account and, via the included link, provide your credentials and further information. But it is not your bank or PayPal that will receive your personal details – it will be the cybercriminals behind this attack.
An astonishing 96,000 attempted attacks occur every year in the UK. Any ‘weird’ email that your best friend, boss or even ‘bank’ sends you can be verified with a quick call or text to the apparent sender.
Remember that security is everyone’s responsibility
Every piece of awareness and information needs to be matched to actions for employees, regardless of department or level within the company. The C-suite, especially, needs to adhere to the rules, as they are often the juiciest target for cybercriminals. Making colleagues realise not only how their actions can be detrimental for the entire company, but also spelling out how simple steps can keep everyone protected will create a sense of collective responsibility and help build collective security.
While companies need to wake up to the threats from hackers, becoming cyber-resilient is a straightforward process. Realising that remaining secure is everyone’s responsibility means training staff in even the most basic skills should be a top priority, and European Cyber Security Month is an opportune moment to develop a more empowered and upskilled workforce.
