10 Ways to Ensure an Employee Stays Cyber Security Aware

23 June 2021


We all hear a lot about cybersecurity and its importance in the workplace. It has become more important than ever to educate and train end users on cybersecurity best practices, both in the workplace and when working from home.

We have listed 10 key points that every business should look out for. 

Digital threats are becoming more sophisticated and educating your workforce on cyber security practices is the most effective way of preventing any security breaches.

With home working increasing during 2020 and into 2021, remote working environments brought huge challenges, with risks from phishing, malware and data storage, and the possibility of a breach.

With all the above in mind, we feel our 10 key points are the most important to look out for. Human error is the cause of 95% of cyber security breaches and with simple training protocols in place, this number can be dramatically reduced. Recent estimates suggest that only half of all employees receive training once a year and the importance of creating a ‘Human Firewall’ is more relevant than it has ever been.

 

1. Phishing Attacks

In the last year, we have seen a huge increase in phishing attacks, including a huge number of pandemic-related phishing emails. Google’s Threat Analysis Group reported in mid-April that they blocked 18 million COVID-19-themed malware and phishing emails per day.

Phishing attacks are still the most common cause of cyber-security breaches. Current figures clearly reflect the need for awareness of phishing attacks: research suggests 91% of successful cyber attacks are the result of a phishing scam.

Although companies are increasingly aware of phishing, it is still a growing threat in 2021, in part due to a lack of awareness at the employee level. By making security part of the company's philosophy through recurrent security awareness training, this number can be dramatically reduced over time.

By training your end users to recognise potentially harmful emails and report suspicious ones, this threat can be dramatically reduced. Consistent cybersecurity training courses can dramatically improve employee awareness of such attacks, and simulated phishing attacks can demonstrate the potential risk they pose to your company.

 

2. Removable Media

Removable media is another security awareness topic, as companies use it daily. Removable media is a portable storage medium that allows users to copy data onto it and then move that data to another device, and vice versa. USB devices containing malware can be left for end users to find and plug into their own devices.

As well as understanding the risks, your employees need to know how to use these devices safely and responsibly in your business. There are numerous reasons a company would decide to use removable media in its environment. However, as with all technologies, there will always be potential risks. As well as protecting the devices themselves, it is important that your employees protect the data on them. Whether it is personal or corporate, all data has some form of value.

A few examples of removable media you and your employees might use in the workplace are:

  • USB sticks
  • SD cards
  • CD/DVD
  • Smartphones

This security awareness topic should be included in your training and cover examples of removable media, why it's used in businesses, as well as how your employees can prevent risks such as lost or stolen removable devices, malware infections and copyright infringement.

 

3. Passwords and Authentication

This sounds obvious, but password security is an often-overlooked element that can help your company's security. Commonly used passwords will often be guessed by malicious actors in the hope of gaining access to your accounts. Using simple passwords or having recognisable password patterns for employees can make it simple for cyber-criminals to access a large range of accounts. Once this information is stolen, it can be made public or sold for profit on the deep web.

Implementing randomised passwords can make it much more difficult for malicious actors to gain access to a range of accounts. Other steps, such as two-factor authentication, provide extra layers of security which protect the integrity of the account.

 

4. Clean Desk Policy

We have all seen people leave their passwords on a sticky note on their desk or in a book in an unlocked desk cabinet. Though many attacks are likely to happen through digital mediums, keeping sensitive physical documents secured is vital to the integrity of your company's security system.

Simple awareness of the risks of leaving documents, unattended computers and passwords around the office space or home can reduce the security risk. By implementing a clean-desk policy, the threat of unattended documents being stolen or copied can be significantly reduced.

 

5. Mobile Devices

Technologies like mobile phones, tablets, laptops and Chromebooks have made flexible working environments easier, and along with them have come more sophisticated security attacks. With many people now having the option to work using mobile devices, this increased connectivity has come with the risk of security breaches. For smaller companies this can be an effective way of saving budget. However, user-device accountability is an increasingly relevant aspect of training in 2021, especially for travelling or remote workers. The advent of malicious mobile apps has increased the risk of mobile phones containing malware, which could potentially lead to a security breach.

Best practice online courses for mobile device workers can help educate employees to avoid risks, without high-cost security protocols. Sensitive information on mobile devices should always be protected by a password, encryption or biometric authentication in case the device is lost or stolen. The safe use of personal devices is necessary training for any employees who work on their own devices.

The best community practice is to make sure workers have to sign a mobile security policy.

 

6. Remote Working

The obvious need for remote working, combined with the increasing uptake, led to many companies taking drastic steps towards part-time to full-time working from home policies. Remote working can be positive for companies and employees, promoting increased productivity and greater work-life balance. It does, however, pose an increased threat of security breaches when employees are not educated on the risks of remote working. Personal devices that are used for work purposes should remain locked when unattended and have anti-virus software installed. If a company wants to offer this incentive, it should focus on educating remote employees about safe working practices.

It is likely that the home working trend will continue. Though we hope to see offices reopening and a return to normal working life, companies have increasingly hired remote workers, and those who have adapted to this lifestyle may prefer to work this way. The need to train employees to understand and manage their own cybersecurity is apparent. As we've seen there is an increasing threat landscape targeting these individuals. Ensuring they keep security top of mind is a key theme of 2021.

 

7. Public Wi-Fi

Some employees who need to work remotely, travelling on trains and working on the move, may need extra training in understanding how to safely use public Wi-Fi services. Fake public Wi-Fi networks, often posing in coffee shops as free Wi-Fi, can leave end users vulnerable to entering information into non-secure public servers.

Educating your users on the safe use of public Wi-Fi and the common signs to spot a potential scam will increase the company’s awareness and minimise risk.

 

8. Social Media

We all share large parts of our lives on social media, from holidays to events and work. However, oversharing can lead to sensitive information being available, making it easy for a malicious actor to pose as a trusted source.

Educating employees on protecting the privacy settings of their social media accounts and preventing information about your company from spreading publicly will reduce the potential leverage that hackers can gain from this access to your personal network.

 

9. Internet and Emails

Some employees may have already been exposed to data breaches, by using simple or repeat emails for multiple accounts. One study found that 59% of end users use the same password for every account. This means that if one account is compromised, a hacker can use this password on work and social media accounts to gain access to all of the user's information on these accounts.

Websites often offer free software infected with malware, and downloading applications from trusted sources only is the best way to protect your computer from installing any malicious software. Educating employees on safe internet habits should be a key part of any IT induction. Though some may see this training as obvious, it is a key part of the safety of any security programme.

Many large websites have had large data breaches in recent years. If your information has been entered into these sites, it could have been made public, exposing your private information.

 

10. Security at Home

The threat of malicious actors does not stop when you leave the workplace. Many companies allow their employees to use their personal devices, which is a great cost-saving method and allows flexible working. However, there are risks associated with this. Malware-infected applications unwittingly downloaded onto personal devices can put the integrity of the company's network at risk if, for example, log-in details are compromised.

Additionally, the growing network of digital resources available to workers and companies has increased connectivity and productivity. However, these applications also pose a risk to the user: a study by Propeller found that phishing campaigns targeted to Dropbox had a 13.6% click-through rate. Increasing employee knowledge, sharing encrypted files and authenticating downloads will reduce the risk.

A Plus Security offer a vast range of IT Security Support Solutions, which can help your business maximise performance. To get in contact with us to see how we can help you call 01702 293157 or contact us here.
