A Human Solution to Cyber Security
Like you and everyone else in an office, I’m using a laptop to get my work done. It was given to me on my first day at the office and I had to set my password and log in to a hundred different programs to set everything up. When I was asked to change my password three months later I heard that a massive cyber-attack had spread across Europe (this was June 2017) and only a few weeks after this another ransomware type virus affected more than 150 countries.
One question came to my mind: is my personal and professional information safe?
Often cyber security is something that settles in the back of our minds and lays dormant as we do our jobs. It awakens for a few moments every three months or so when we have to reset our password, or in this case, whenever we read about a huge security breach in the news. However security is something that needs to be an active concern.
Even if you don’t think about it every day, I’m sure that you are just as interested as I am learning how to prevent cyber security breaches. Anyone who uses a laptop or phone at work or at home should be.
Saying “It won’t happen to me” could ruin your business
62% of cyber-attack victims are small to mid-size businesses. These businesses are at the greatest risk for an attack because their level of preparation is low. These businesses are also the most vulnerable because the cost of customer notification alone can be enough to do a small company irreparable financial harm.
Security is not just a technical solution, it’s a human solution.
Most security breaches are caused by user activity and improper employee training; it is usually easier to exploit human error than weaknesses in technical infrastructure (though good tech and coding is also important to security). So here we are going to focus on what we can all do as users rather than coders.
The following is a list of advice that everyone follow to increase cyber security at the office:
- Passwords are mandatory – They should be changed often (of course this is obvious but might as well start with the basics).
- Create specific access control for each user who is part of a project. Once they are out, erase their account.
- Don’t click unfamiliar links that you receive in your email, even if it seems like they are being sent by a reliable source or somebody you know. Stay vigilant and ask your IT guy for advice if you aren’t sure about something.
- Never exchange any personal information online – Phishing is very popular these days and there are many different techniques being used.
- Pay attention to physical security as well – Companies with many employees might assume that security badges are 100% effective but this is not true. Of course I’m not asking you to stare at everyone in the office the whole time you are on the clock but you can report any suspicious activity you happen to see.
- Install antivirus programs and keep them updated – You should always know how to use the programs installed in your computer and not ignore the warnings.
- Shut down or lock your laptop anytime you are not in front of the computer. An unlocked and unattended computer is an open invitation.
- Don’t deactivate your antivirus even if it slows down your computer at times. There are other ways to enhance the capacity of your laptop without sacrificing security.
- Don’t access your email account on an outside Wi-Fi connection (really you should avoid public Wi-Fi in general). Employees should be given access to a virtual private network (VPN) that allows them to securely access a corporate intranet network while they are outside the office.
- Back-up your data with the help of cloud or in house server solutions. This helps protect against ransomware and other types of cyber-attacks.
- Security automation tools help a company use scarce resources more efficiently.
- Prepare responses before an attack happens – If you have a plan ready you can respond much more quickly in the case of a cyber-attack and limit the damage done.
- Keep security as a top priority – Security might not push your project forward but it prevents it from falling backwards. Your data is your business and you need to keep it protected.
Most Security Breaches are Avoidable
Everyone should be aware that security breaches are mainly caused by exploiting human error. Companies should have a clear set of policies in place to prevent and limit this error. Every company should have a set of security best practices to follow and if you don’t have this in place now you should take time to draft up a set now. These best practices should also be common knowledge to everyone in the company instead of being kept away in a document that no one looks at.
If you want an expert to review your security and get it into top shape contact us to learn about the technical and security audits we offer.
Or if you want to read more, see what else Pentalog’s experts have to say about the security of your IT system.
Register for free to our online webinar on the new European Regulation on Personal Data Protection.
Tag: Information Systems