It’s been deemed the ‘new normal’, with cyber attacks in the news every day. Even in July this year it’s been reported that large businesses are the most vulnerable to cyber attacks, despite having greater budgets and resources.
The UK Government’s cyber security breaches survey found that only 30% of firms had cyber security policies in place, and that only 10% had an incident management plan. Most will find these statistics alarming, considering the cost of cyber incidents to UK firms is over £30 billion. Many businesses are having to adopt new strategies in their fight against cyber threats; it’s not just an organisation’s reputation that can be damaged by a data breach – the financial costs can have a more severe, long-term effect.
It’s been reported that 75% of organisations suffered a staff-related security breach. However, it’s never the right approach to blame individuals. Each employee will need to be (and should be) trained in order to know what to look for, before, during and after each day. They need to be made aware that companies are targeted in a number of ways, such as phishing, physical theft and spam, all of which can drastically harm your business. But fortunately, there are different methods of training an employee can undergo to be as prepared as possible.
Preparing your staff for a cyber attack is a crucial part of being as thorough and organised as possible as an organisation. Cyber security awareness is needed, with Falanx offering training to help you and your colleagues understand what to look out for and the consequences involved. A security-aware culture is necessary across the whole of an organisation, for all staff to be fully attuned and ready to face whatever threats might transpire.
Training employees to look out for scam emails and messages is critical in preventing cyber attacks. Business Email Compromise (BEC) attacks target companies by extracting information from unwitting recipients. This could be in the form of a fraudulent email sent from someone pretending to be the company’s CEO to the HR department. Completely unaware, an HR manager willingly sends personal employee data to a scammer. By offering phishing and spam training, employees will be more aware of what to look out for and stay alert if something looks suspicious.
Acceptable Use Policies are also very effective in the workplace. Teaching your staff which websites they are allowed to use is a safe and secure method of minimising risk. Once a policy is in place, it’s important to regularly re-establish it with your team. Refreshing the memories of your employees keeps the policy front of mind and leaves no grey areas for what is or isn’t classed as a threat.
A lot of this relies on trust: support from a line manager, and confidence in feeling comfortable enough to report potential breaches. If employees are made to feel comfortable about reporting incidents, they will be more willing to come forward. This becomes embedded in a ‘blameless’ work culture, where employees feel confident and prepared.
Another hot topic when discussing cyber attacks is password training. It’s good practice for staff to be in contact with their IT department to agree a reasonable password change frequency and implement that straight away. Anything that contains more than 7 characters, an upper-case letter, a number, and a symbol should be strong enough to prevent casual attacks. See our blog on what makes a safe password.
Proper device management, where employees are aware they need to update all software when new updates become available, and Remote Access and Wi-Fi training are two other methods companies can adopt. Once a Virtual Private Network (VPN) is set up, employees working remotely should use it at all times for all activities. Wi-Fi networks should be password-protected and feature strong security settings, and it’s strongly advised that employees using tablets and smartphones always opt to use the device’s cellular plan rather than an unknown Wi-Fi network.
Falanx Cyber Security Awareness
Falanx Cyber’s methods are designed to help educate your staff, who are paramount as the first and last line of defence against cyber attacks.
We offer three different types of training to accommodate your business needs and services: face-to-face sessions, a board-level presentation and complete awareness programme management.