3 employee-focused cybersecurity tactics your business
Most businesses consider their employees to be their greatest assets. While this is undeniably true, when it comes to cyber security, employees can also present the greatest risk. Today’s blog covers three employee-focused cyber security tactics your business can harness to help you prevent a cyber security incident. This is not a comprehensive list but highlights some high-value actions that can get you started on your way to cyber security.
A recent poll by Google/Harris found that two-thirds of end-users in the U.S. use the same passwords for multiple applications such as banking, social media, and email. At the same time, 27 percent of cyber breaches at SMBs are caused by stolen credentials and 16 percent by password dumpers (Verizon). These statistics illustrate the danger that passwords can pose to businesses and the benefits that they can gain from utilizing password management—especially as much of the workforce continues to work remotely due to COVID.
Password strategies have changed over the years. We all remember writing our passwords down on a sticky note on our monitor or hiding them under our keyboard. Then there were the extremely long passwords that still required users to write them down because they were a long string of characters that meant nothing to them. Now, password management involves changing passwords frequently so that by the time a bad actor gets ahold of a password, it has already been changed. But this, too, requires humans to remember new passwords, so they go back to writing them down.
Utilizing a password management solution provides your employees with a secure way to store and retrieve their passwords and generate secure passwords every time they need a new one. These solutions help mitigate the human element of handling passwords by creating high-strength passwords for all of the systems and sites employees use, encrypting them, and storing them in a secure vault on the employee’s device. Eventually, biometrics will take over the need for passwords. But until then, password management can take the frustration out of passwords and help your company prevent cyber attacks.
Content and email filtering
We’ve all seen the horror stories—an employee clicks on a link in a legitimate-looking email, unleashing malware on the organization. Your employees are human. Even with training and knowledge, they will eventually make mistakes and click on email links or websites that they shouldn’t. A recent study found that phishing attacks are the biggest threat to SMBs and are the source of 30 percent of breaches. Malicious attempts that occurred during COVID illustrate how easily human errors can happen. According to Google, during April 2020, there were 18 million malware or phishing Gmail messages detected every day that were COVID-related. People were desperate to understand this new virus, and bad actors took advantage of the widespread fear.
How can you protect your business from cyber security incidents that arise from these mistakes? The answer is content and email filtering. Content filtering, also known as DNS protection, blocks access to sites on a list of known harmful sites, such as malware and ransomware sites, even when users click on links to them. Email filtering keeps potentially harmful or suspicious emails from getting to your workers’ inboxes by utilizing anti-impersonation, anti-spoofing, and anti-phishing technology.
Security awareness training
Employees can be the weakest link when it comes to cyber security and are involved in one-third of security breaches (Security Magazine). Even with your company’s investments in cyber security tools, employees can still inadvertently cause harm to your business. For example, an employee can review their blocked emails, deliver them, then click on an email that they deemed safe but that contained malware.
To address these risks, one of the best cyber security investments SMBs can make is security awareness training for all employees. But 66 percent of SMBs don’t offer cyber security training to their employees (Info Security Magazine). Security awareness training teaches employees how to recognize and avoid threats, and continuously updates them on new cyber criminal tactics. The training can cover topics such as handling credentials and passwords, email and internet dangers, mobile device policies, incident response, and more. It may include initial testing of employees, sending out fake phishing scams to determine who is most likely to put the company at risk, and macro and micro-trainings on recognizing threats.