Cybersecurity: as much about technology as it is about training and awareness
Cybersecurity is essential in the workplace because it helps to protect the company’s data, networks, and systems from unauthorized access, theft, and damage. We cannot hide from the fact that there are people who want to infiltrate our computer systems to obtain private information or to hold our data hostage. Cybercriminals have no scruples. Driven by financial, political, corporate espionage, and “FIG” (Fun, Ideology, and Grudge) motives, they have no concern for which companies or individuals they harm, or how. With the increased sophistication and frequency of cyber-attacks, it is crucial that companies implement robust security measures.
A cyberattack can have a devastating effect on your business:
• Data loss and manipulation
• Unexpected ransom payment
• The cost associated with response and recovery
• Cost of investigation
• Regulatory breach reporting and legal consequences
• Potential fines and damage payments
• Operational disruption and decreased productivity
• Reputation damage and compromised trust
• Loss of customers/clients
• Threat to ongoing business operations
As business owners, we have many safeguards in place to protect our computers and networks. We have purchased firewalls, website blockers, antispam filters, EDR systems, antivirus protection, multi-factor authentication, data encryption methods, and backup systems. However, cybersecurity is as much about technology as it is about training and awareness.
Proper cybersecurity training is crucial in the workplace. Employees are often the weakest link in the security chain, and they can unwittingly expose the company to cyber threats through simple actions such as clicking on malicious links or using weak passwords. Therefore, it is advantageous for companies to train staff members about cybersecurity policies and best practices to aid them in identifying possible threats, taking appropriate action, and avoiding security lapses.
We must be diligent and intentional in protecting our data and computer systems.
Consider the following areas of cybersecurity training in the workplace:
- Password management: Employees should be trained on how to create strong and work-specific passwords.
  - Internal passwords should not be the same as personal ones, and personal information should not be used in passwords.
  - Remove lists of passwords from the network.
  - Utilize password management software.
- Data protection: Employees should be trained on how to handle sensitive information, such as customer data and financial records, and how to send it to others.
  - Encryption is key – purchase and require the utilization of encryption software.
  - Do not use public Wi-Fi.
  - Do not use flash drives.
  - Create separate users for bank accounts and use two-factor authentication.
- Phishing awareness: Employees should be educated on how to identify and report suspicious emails and links that may be part of a phishing attack.
  - Never click links, open attachments, send money, or provide information if you don’t know the sender. (Note: Unsubscribe links are dangerous.)
- Narrow the attack surface: Don’t shop online or surf the web while at work. These activities open you up to more phishing assaults.
  - Block news channels.
  - Phones are easily hackable – do not plug phones or other devices into your computer to charge.
Cybersecurity awareness and training are crucial in the workplace to safeguard the company’s assets, reduce the danger of data breaches and cyberattacks, and uphold stakeholder and customer trust. It is your business to protect and preserve, and it is your business to lose if you don’t. Stay ahead of the next cyberattack. Start today and schedule a training session with your users to heighten awareness.
Linda L. Nay
Vice President, Administration