Cyber security awareness is the combination of both knowing and doing something to protect a business’s information assets. When an enterprise’s employees are cyber security aware, it means they understand what cyber threats are, the potential impact a cyber-attack will have on their business, and the steps required to reduce risk and prevent cyber-crime from infiltrating their online workspace.
Mistakes commonly made due to lack of awareness are:
1. Opening Emails from Unknown People
Email is the preferred form of business communication. Opening an unknown email, or an attachment inside an email, can release a virus that gives cybercriminals a backdoor into your company's digital home.
Solutions:
1. Advise employees not to open emails from people they don't know.
2. Advise employees to never open unknown attachments or links.
2. Having Weak Login Credentials
Repetitive passwords that use personal information, such as a nickname or street address, are a problem. Cybercriminals have programs that mine public profiles for potential password combinations and plug in possibilities until one hits. They also use dictionary attacks that automatically try different words until they find a match.
Solutions:
1. Require employees to use unique passwords.
2. Add numbers and symbols to a password for increased security.
3. Create rules that require employees to create unique, complex passwords of at least 12 characters, and to change them if they ever have reason to believe that they have been compromised.
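The rules above can be enforced when a password is set rather than left to memory. The following check is an added example, not part of the original post: it tests length, numbers and symbols, personal information and decorated dictionary words. The function name, word list and personal terms are constructed for illustration, and uniqueness across accounts is not checked here.

```python
import re

MIN_LENGTH = 12  # minimum length from the rule above

# Constructed sample data: a real deployment would load a large list of common
# and breached passwords, and take personal terms from the user's own record.
WORDLIST = {"sunshine", "password", "dragon", "welcome"}
PERSONAL_TERMS = ["Buddy", "Oak"]  # e.g. a nickname and a street name


def password_problems(password, personal_terms, wordlist):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if not re.search(r"\d", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("no symbol")
    # Personal information is what profile-mining tools try first.
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            problems.append(f"contains personal term '{term}'")
    # Strip digits and symbols so "Sunshine2024!" is still recognised as a
    # dictionary word with decoration, which dictionary attacks also try.
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if letters_only in wordlist:
        problems.append("dictionary word with decoration")
    return problems


if __name__ == "__main__":
    for candidate in ["Sunshine2024!", "buddy_12oakst", "short1!", "T7#vq!Lm92&xRd"]:
        found = password_problems(candidate, PERSONAL_TERMS, WORDLIST)
        print(candidate, "->", found or "OK")
```
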
3. Having Access to Everything
In some cases, companies don't compartmentalize data. In other words, everyone from interns to board members can access the same company files. Giving everyone the same access to data increases the number of people who can leak, lose or mishandle information.
Solutions:
1. Set up tiered levels of access, giving permission only to those who need it on each level.
2. Limit the number of people who can change system configurations.
3. Don’t provide employees with admin privileges to their devices unless they really require such a setup. Even employees with admin rights should only use them as needed, not routinely.
4. Lacking Effective Employee Training
Research shows the majority of companies do offer cybersecurity training. However, only 25% of business executives believe the training is effective.
Solutions:
Provide annual cybersecurity awareness training. Topics could include:
· Reasons for and importance of cybersecurity training
· Phishing and online scams
· Locking computers
· Password management
· How to manage mobile devices
· Relevant examples of situations
5. Not Updating Antivirus Software
Antivirus updates are important, should be handled promptly and shouldn't be left to employees.
Solutions:
1. Set up all system updates to take place after work hours automatically.
2. Don't let any employee, no matter what their title, opt out of this company policy.
6. Using Unsecured Mobile Devices
Every device should be password protected. If a device is lost or stolen, have a point of contact to report it to and steps in place to deactivate the device remotely.
Use endpoint security solutions to manage mobile devices remotely.
Don’t conduct confidential transactions using untrusted public Wi-Fi.