What’s the biggest risk to your company… IT security, poor software? No, people. The future security of your business, and of the sensitive information it possesses, depends on those who use it. The GDPR has raised both the stakes and businesses’ priorities when it comes to the proper usage and storage of information.
Between now and 2021, spending on cyber security is expected to reach close to £780m. But would business owners be better advised to spend some of that money on training staff?
You may have heard it many times before and possibly even experienced it for yourself, but education, training and knowledge are the key to preventing cyber attacks. Many employees are unaware of the risks they expose businesses to by opening unfamiliar emails, downloading insecure files or using internal systems over the public Wi-Fi we all love so much. While the option of flexible working is considered a blessing by many employees, business owners have to consider the associated risks and the best ways to deal with them. Sensitive communication and file sharing across public networks could increase the chance of data being intercepted.
One individual failing to use designated online encryption correctly, or using an unsecured laptop from home, can create a hole in the business’s security and leave it vulnerable to attack. In truth, because of the volume of information, passwords and devices that pass through employees’ hands, staff need to be regularly educated on security processes, procedures and what to do in the wake of a suspected attack.
Consider taking these actions to put your mind at rest:
- Have a cybersecurity travel policy in place
- Consider banning the use of all “free” Wi-Fi hotspots
- Mandatory VPN use when using Wi-Fi
- Use of Multi-Factor Authentication to access and use any company apps, resources, tools or data
- Device and User Authentication
- Educating your mobile workforce on the importance of cybersecurity through reinforcement training
- Run simulated email phishing campaigns to help your staff identify malicious emails
Having clear and concise procedures in place, which are regularly rolled out across the company, is essential to ensuring that both your data and the data of those you work with are safe. Making sure all staff are familiar with these procedures could prevent cyber attacks from occurring. Many businesses choose to include this in the welcome pack given to employees and regularly send out fake ‘phishing’ emails or tests in order to keep knowledge and understanding on point.
Let our expert team help you create, implement and maintain these procedures so the horrors which lie beneath the surface of your security processes no longer need to keep you up at night.