By Samantha Woollard (Internet Security Specialist) 23 January 2017
It may come as a surprise that 59% of breaches within a company are caused by employees. This is not because all your employees are turning against you (perhaps some are), but because of a lack of awareness about information security.
With more than half of employees stating that they connect personal devices to their work computer, and one in ten owning up to downloading software onto their work computer, it is easy to see why the percentage of breaches is so high. Connecting devices unrelated to work and downloading unknown content greatly expands your attack surface, making your company increasingly vulnerable.
Security awareness within the company involves everyone, including top management, and should be one of the top priorities for all companies. By putting policies and procedures in place, all employees can be informed of their roles within the security of the company. Promoting security in the workplace and having regular training sessions, especially for new employees, can help employees detect threats and avoid their potential consequences. Important topics during training sessions are:
Backing up of files
Employees should be involved in preventing loss of information. Even if the information is backed up on a regular basis, it is useful for them to keep a daily backup of their own as well.
Be aware of phishing attacks
Anything that is at all out of the blue, such as links in messages, attachments or unexpected emails, should not be opened. Even if the sender is known, their machine could have been compromised. Most phishing attempts are sent via email and, if clicked on, can result in the installation of malware, redirection to unknown sites, and so on.
Keeping strong passwords
Passwords should contain at least ten characters, drawn from at least three different types such as upper case, lower case, numbers and symbols. No dictionary words, usernames or names should be used. Using sentences that are easy to remember helps resist password cracking attempts by attackers. Different passwords should be used for personal and work accounts, and setting up two-factor authentication can also greatly decrease the risk of a compromise.
Keeping a clean machine
Ensure there is a policy on what employees can and cannot download. Unknown programs can contain malware, which can result in the loss of data and money and open your company to attack.
Physical & desktop security
All file cabinets and desk drawers should be locked in case of theft. When a machine is left unattended for any period of time, the screen should be locked. Attackers can install keyloggers to record what a user has typed, which can lead to stolen passwords.
Software updating & patching
Having all the correct software, e.g. anti-virus and anti-malware, running to protect each machine is a good step in preventing infections. However, it was reported that over half (51%) of employees do not know how to update anti-virus protection, which can result in new variants of malware going unnoticed. Other software the company uses also requires regular updates so that recently fixed vulnerabilities are actually patched on your machines.
Stay alert & report strange activity
Encourage employees to speak up about anything peculiar happening on their machine and flag any suspicious behaviour such as phishing emails.
Training sessions can be delivered in various ways, such as class-like lectures, videos and Q&A discussions. To make the process of educating employees beneficial and to ensure the information was absorbed, have mini quizzes after each session. Try not to bombard them with too much at once, as this can have the opposite effect to what you intended.
Security awareness is a critical element to your company’s security, and if implemented correctly, can prevent and protect your systems from potential attacks.
Relax, your Security is Intact.
Author: Intact Security