Preventing cyber attacks with employee education and training

When companies consider their security posture and cybersecurity strategies, there are two areas that are often overlooked – maintenance and employees. Cybersecurity is not a one-and-done project. Hackers are evolving their methods, and there are new ransomware, malware and phishing activities happening every day.

The only way to mitigate risk is to monitor your systems 24/7/365. For most organizations, an in-house team with the right skill set is often hard to find or is not cost-effective. Trusted IT partners can provide experienced outsourced support from strategy to implementation and complete managed services.

While investment in cybersecurity can be viewed as an added expense or unnecessary insurance policy, organizational leaders must consider the long-term impact and expense of a cyberattack.

Without a strong security plan in place, the costs that come with a cyberattack – employee and member data loss, business disruption, revenue losses, damage to brand reputation – can last for months or even years, and in some cases, organizations are unable to recover. Research shows that 59% of buyers are likely to avoid companies that suffered from a cyberattack.

We live in a world operated by the Internet of Things (IoT) – refrigerators, cars, and even bathroom mirrors are Wi-Fi enabled and operate using digital applications. According to the World Economic Forum, attacks on IoT devices soared by 300% in 2019 and are expected to double by 2025.

As we’ve shifted to a mostly remote workforce, cybersecurity risk analysis of employees and their home workspace is more critical than ever before. In-office infrastructure protection is not enough. Organizations must train and continually educate employees about potential risk.

Here are 5 simple security tips for remote workers:

  1. Have separate devices for work and personal use
  2. Connect to a secure network: an Ethernet/wired connection or a WPA2 (Wi-Fi Protected Access 2) wireless network
  3. Update your software (PCs, smartphones, tablets, router, modem firmware, etc.) and make sure everything is running the most current version
  4. Password Protection – Password or credential stuffing is a cyberattack that tries “stuffing” already compromised usernames and passwords from one site into another site in hopes that the user uses the same login information across platforms. Changing passwords often and creating complex passwords reduces the risk of hackers accessing systems. Use different passwords on different systems and accounts – reset your passwords every few months and use a password manager to keep track. When creating a password, use the longest password allowed along with a mix of uppercase and lowercase letters, numbers, and symbols. And don’t forget your Wi-Fi at home and the office – limit who has access and change the password every few months.
  5. Limit your clicking – Phishing attacks are fake messages from a seemingly trusted or reputable source designed to convince you to reveal information, give unauthorized access to a system, or click on a link. These can come through emails, text messages, phone calls or social media messages. Stop and think before you click on links. Instead, go directly to the website, and check emails for red flags like spelling errors, urgent requests, and a suspicious sender email address.

A strong security posture is critical for organizations to protect assets as well as consumer and employee data. Cybersecurity strategies and investments are necessary, but human asset protection cannot be overlooked. Properly training and educating employees across all levels and departments to understand the threats, risks and impact, personally and professionally, can drastically improve your organization’s ability to protect its assets and data from cyber attacks.

Michael Seidelman

Michael Seidelman is Director of Cybersecurity for Think|Stack, a Managed IT Services CUSO specializing in cloud and cybersecurity solutions for credit unions and non-profits. He can be reached at ...