Cybersecurity should be at the forefront of all corporate strategies. However, even as the cost of data breaches and ransomware continues to rise, many companies still lag behind.
The costs of training staff and investing in cybersecurity systems can seem high. But when around 60% of small businesses targeted by cyber attacks go out of business within 6 months, it’s clear that perspective needs to change.
So we’ve put together a quick checklist of measures to take if you need to educate staff about online dangers.
1. Train all employees to use email encryption
Just think about the amount of sensitive information which flows between your employees on a daily basis. From credit card details of clients to strategic objectives, addresses of partners, and gossip about finances, emails are crammed with useful details that malicious actors would love to have.
Encryption locks away this data. By providing authorized employees with encryption keys, companies can ensure that each communication is secured, keeping information as confidential as it needs to be.
However, this requires training. Staff need to be disciplined to make sure they only use authorized email servers and providers. Encryption can sometimes add extra layers of processing and work - so you’ll need to impress upon them how vital it is. Otherwise, staff could easily backslide into unsafe practices.
Fortunately, email encryption isn’t hard. Check out this guide on how to encrypt email for a very quick, easy explanation.
2. Invest in a high-quality VPN
Virtual Private Networks are essential security tools for all companies, large and small. However, some organizations feel that the cost and inconvenience of implementing VPN-based security are not worth their while. That’s a big mistake.
VPNs add encryption to everything that leaves and enters your systems and make any activity anonymous to outsiders. This negates the potential for some of the worst cyber attacks, such as ransomware or man-in-the-middle hijacks.
But as with encryption, it’s not enough to buy a reliable VPN (such as NordVPN) and pay big bucks to ensure that it is properly installed. You’ll also need to educate your team about how to use the VPN, and why doing so is absolutely vital to corporate health.
For instance, staff may use their smartphones or laptops for work emails on unsecured private networks. If they are just firing off a quick message to colleagues, they may not feel the need to engage your VPN. We know that those types of networks are highly vulnerable to malicious actors, and one unsecured email could spell disaster.
So there are two challenges here: find and implement a VPN which covers your whole network under the shelter of ironclad encryption and IP address anonymization, and teach staff how to use it. The two have to go together.
3. Make sure your staff are attachment savvy
Attachments are probably the weakest of all corporate weak spots. Countless ransomware attacks have propagated by staff members casually clicking on attachments, only to find that they have triggered a system-wide meltdown - WannaCry being a great example.
There’s no indication that this style of attack is going away. In fact, with the wide-scale adoption of Cloud storage, it seems to be spreading to third-party systems as well.
This makes it essential to educate staff about how to deal with attachments. Now, we all know that attachments are often needed, from delivering project assessments to site videos for real estate vendors. But they need to be handled very carefully.
For instance, stress to employees that they should never open attachments from unknown senders until they have checked that the file is legitimate. As a rule, staff need to think, investigate, assess, and then act. Opening a suspicious file should be the end point of that process, not the beginning.
If necessary, attachments can be quarantined and opened under controlled conditions. But the key point is to have an employee checklist which eliminates haste and encourages caution.
4. Ensure that training is regular and systemic, with no exceptions
If you want to minimize the risk of falling victim to a cyber attack, you’ll need to create a workplace culture which ensures that staff are constantly vigilant and well-informed. In an ideal world, employees would arrive at companies with an in-depth knowledge of digital safety, but that’s not the case. And it certainly shouldn’t be assumed.
Instead, create a rolling program of cybersecurity training. Individuals should engage in seminars and discussions about their security practices at least once a year, and they need to be formally assessed to make sure that the training has become embedded.
Moreover, this training has to reach all the way to the top (and bottom). From the lowliest intern to the CEO, everyone has a responsibility for cybersecurity. As numerous whale phishing episodes have demonstrated, data breaches often come from the boardroom, where arrogance trumps safety. Don’t let that happen to you.
Mix training, tech and common sense to create a cybersecurity strategy
Poor cybersecurity is becoming one of the most common causes of business failure among small and medium-sized enterprises, but it’s not that hard to educate your staff to minimize security risks.
By adopting solid email encryption, using a reliable VPN, and optimizing your training systems, you can make your defences much more effective. So don’t hesitate. Any delays could leave you open to digital security disasters.