Human error accounts for approximately 85% of all data breaches, so it is more important than ever to train staff on cyber best practices in the workplace – and at home. The remote work environment has presented a new set of cyber challenges with risks such as malware, phishing and insecure data storage considerably heightened. It takes just one employee to click a malicious link for a data breach to cost your company money and possibly even your reputation as a trustworthy enterprise.
Over the 2020/21 period, there has been a massive increase in phishing attacks, with a huge number of pandemic-related phishing emails. Google’s Threat Analysis Group reported that they blocked 18 million COVID-19 themed malware and phishing emails per day. At Evologic, we can’t overstate the importance of training your staff. We partner with KnowBe4, who are the leading supplier of security awareness training. Their setups are designed to run continuously within your organisation and are implemented by our helpful IT experts. This includes client portal setup, whitelisting in Office 365, Active Directory integration, initial baseline assessment emails, assessment reporting, phishing campaign set-up, execution and evaluation, initial, quarterly and annual reporting, and new user onboarding.
Here’s a deeper look into why this type of staff training is essential in your cyber defence strategy.
Phishing Email Attacks
Roughly 91% of successful phishing attacks are the result of email scams, and they are a common cause of security breaches. While companies are aware of the threat, employees must be well-trained in how to recognise sophisticated attacks and well-disguised communications. Employees can also become complacent over time, so it is important to refresh your security awareness training at least annually.
A targeted form of attack we are seeing more is ‘spearphishing’. These emails will often impersonate existing contacts or masquerade as intra-office comms to gain the trust of the addressee. By properly training your employees to not just recognise these harmful emails, but report them, these threats can be avoided and reduced.
Part of security awareness training includes portal setup and active integrations so new staff are added to the testing and assessment sessions. This includes actual phishing testing to gauge the cyber performance level of your staff. The tests increase in difficulty to ensure ongoing vigilance.
Commonly guessed passwords are one of the weakest points in an organisation. They make it easier for hackers to gain access to your accounts. If your account information is stolen, it could be sold on to the highest bidder, or you may be held to ransom on the threat of data publication.
Evologic and KnowBe4 can help train your staff to implement strong passwords and multi-factor authentication to add the necessary layers of security across your staff accounts.
Often overlooked by companies as a possible security threat, removable media and storage devices that contain company information need to be monitored and securely stored when not in use. Personal storage devices used on company hardware, such as USB sticks and external hard drives, can potentially contain malicious files. They also allow sensitive information to be copied and left unattended or lost. Only company-approved storage devices should be used, and your staff members need to know how to use these devices safely and responsibly.
Given the increase in flexible work environments and remote connectivity, mobile device security is paramount. Staff need to have a level of accountability when accessing company data on their personal devices, especially when travelling and using public wi-fi.
The emergence of malicious mobile apps, distributed through free downloads to unsuspecting users, has raised the risk of mobile phones being infected with malware. This could lead to a security breach.
Through best practice mobile security courses, we can help educate your employees to avoid the risks using proven security protocols. At the least, mobile devices should always be password-protected or encrypted in case the device is lost or stolen. Some companies even ask staff to sign a mobile security policy.
There are still employees who write their passwords down on pieces of paper. While most attacks are through digital mediums, physical documents that contain sensitive information should be stored securely and never left unattended. Sticky notes with passwords under keyboards are a no-no.
Teaching basic awareness of the risks of leaving documents, unlocked computers and passwords around the office or an employee’s home can reduce these security risks. Implementing a regular desk-cleaning and decluttering session can also make for safer workplaces.
In 2021, the obvious need for hybrid working environments meant many companies drastically changed their security models. If staff aren’t properly educated on the risks of remote working, this can be a liability. When it comes to best practice and working from home, any personal devices that are used for work must remain locked when not in use and have the approved anti-virus software installed.
Given our work environments have changed permanently and employees are now demanding to work from home as part of their employment agreement, keeping employees trained on the latest cyber security threats must be a priority.
There was a considerable uptick in the number of companies that switched to cloud-based servers in 2020 and 2021. The good news is that cloud-based operating systems are arguably more secure than physical servers. There is, however, a concern with such considerable amounts of data being stored online. Getting a professional IT provider such as Evologic to help you make the transition, along with cyber security awareness training, can ensure the secure use of cloud-based applications.
Educating your employees on safe internet and email habits should be a key part of any IT training. Multiple studies have revealed that most people have the same password across multiple accounts. This means if just one account is hacked or compromised, a hacker can gain access to a range of employee accounts – both work-based and personal. Evologic and KnowBe4 can help your staff understand how to utilise system-generated passwords or multi-factor authentication to ensure optimum password security.
Evologic and KnowBe4
Through our managed IT services and solutions and partnership with our leading security training partner, KnowBe4, we can help train your staff and provide ongoing assessments to report on the security awareness of your teams for the best possible defence against cyber crime.