Educating Employees to Protect Against Digital Attacks

Cyber security is something that all businesses should take seriously regardless of size.

In 2015, a survey found that 86 percent of business executives were concerned about cyber threats. And rightfully so—according to the Identity Theft Resource Center in California, the total number of data breaches reported increased from about 400 in 2011 to roughly 750 in 2015.

This indicates that the issue is getting worse; hence, it is extremely important for business owners to not only implement cyber security programs, but also to educate their employees on habits that protect against digital attacks.

The recommended strategy is to train users so that the front line is strong.

Here are some ways that you and your employees can prevent intentional and unintentional leaks, both online and in the workplace.

Learn how to spot phishing emails.

Phishing is probably the number one email threat to businesses.

We have heard it all, from the Prince of Nigeria to Aus Post invoices, but it is still very common for staff to click on such links and get their machines infected.

“Phishing is the attempt to acquire sensitive information like usernames, passwords, and credit card details by posing as a trustworthy entity such as the company CEO, a business partner, or a customer.”

Modern mail servers like Office 365, Gmail etc. have really good spam filtering services. I am still surprised to see POP3 email accounts routed through some US-based web hosting company that does not even have spam filtering enabled. If you are a business owner, I strongly recommend moving to Office 365, as it can be a game changer.

We have heard it over and over, and probably over one more time: the user advising, “I have just clicked a link in an email which was sent to me.” If this email cannot reach the user’s mailbox, it is a job well done.

If you are using a third-party mail service, just send them a quick email asking whether spam filtering is enabled. It may be included in the service but not have been enabled. If you do not ask, you will never get it.

If you are a not-for-profit organisation, Microsoft Office 365 essential is free.

Make the best use of Microsoft discounted software.

Office 365 has a good spam filtering service, and this can stop the Prince of Nigeria from reaching your inbox in the first place.

Microsoft provides really great software at $0 for NFPs, and it is sad to see a lot of NFPs not making the best use of this offer.

We know why.

The process of getting validated as a not-for-profit by Microsoft can be a bit tricky. We know the tricks; just give us a shout and we are here to assist you.

There is absolutely no doubt about the love Office 365 can bring to a small NFP.

Use strong passwords.

Have we not heard this over and over again?

Avoid passwords that are easy to guess, such as a series of numbers in numerical order, names of popular sports, and personal information like birth dates. Use passwords that are 12 or more characters and combine upper and lowercase letters, numbers, and special characters.

In addition, it is recommended to change passwords every 45-60 days for admin accounts and every 3 months for non-admin users. Avoid common usernames such as “administrator” and “username” as well—these are easy prey for hackers.

I still cannot believe the most common passwords for the year 2017:

  • 123456
  • 123456789
  • qwerty
  • 12345678
  • 111111
  • 1234567890
  • 1234567
  • password
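
The password rules above can be checked automatically. The following is an added example, not code from Technowand: it tests a candidate password against the article's advice (12 or more characters, all four character types, no sequential numbers, none of the common passwords listed above, no personal information). The names check_password, has_digit_run and personal_terms, and the run length of 4 digits, are assumptions made for this example.

```python
import string

# The most common passwords of 2017 as listed in the article.
COMMON_PASSWORDS = {"123456", "123456789", "qwerty", "12345678",
                    "111111", "1234567890", "1234567", "password"}
MIN_LENGTH = 12  # the article's recommended minimum length
CHARACTER_CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
    "number": string.digits,
    "special character": string.punctuation,
}


def has_digit_run(password, run=4):
    """True if `run` adjacent digits ascend, descend or repeat (1234, 9876, 1111).
    The run length of 4 is an assumption, not a figure from the article."""
    for i in range(len(password) - run + 1):
        window = password[i:i + run]
        if all(c in string.digits for c in window):
            steps = {int(b) - int(a) for a, b in zip(window, window[1:])}
            if steps in ({1}, {-1}, {0}):
                return True
    return False


def check_password(password, personal_terms=()):
    """Return the list of rules the password breaks; empty means it passes.
    personal_terms is a hypothetical parameter: names, birth years and the like."""
    lowered = password.lower()
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    for name, chars in CHARACTER_CLASSES.items():
        if not any(c in chars for c in password):
            problems.append("missing " + name)
    if any(common in lowered for common in COMMON_PASSWORDS):
        problems.append("contains a common password")
    if has_digit_run(password):
        problems.append("contains a run of sequential digits")
    if any(term and term.lower() in lowered for term in personal_terms):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for sample in ("123456", "Password1234!", "Tr4il-Mix&Lantern"):
        print(sample, "->", check_password(sample) or "passes")
```

A password that looks complex, such as Password1234!, still fails because it is built from a common password and a digit sequence.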

https://haveibeenpwned.com/ is a website that can tell you whether your email account has been compromised in any data breach. I strongly recommend checking your email account there. There have been LinkedIn account breaches, Adobe account breaches, iCloud, and the list goes on.

Employ two-factor authentication.

Cyber criminals rarely steal a victim’s password and phone at the same time, which is why this method is so effective.

An advanced yet underused security tool, two-factor authentication double confirms a user’s identity by sending a text message with a passcode that they need to enter to verify their identity.

Two-factor authentication makes sure that the user knows their password and has access to their phone.  

Keep devices up-to-date.

As they say, prevention is better than cure.

Just having the latest updates for the operating system, software, AV and browser is a really good defence against online threats. This applies to both computers and phones.

Ninite is the choice here at Technowand for ad hoc support. It is so simple and easy to use that I forget the last time I actually downloaded Chrome, iTunes or even Java. Ninite does the trick really well. Just visit www.ninite.com, select the programs you want to install or update, and click on Get Your Ninite. It downloads a small file, and the rest can be described as magic.

Beware of social media scams.

Make sure your employees know about social media scams. Some of the most common attacks that occur on Facebook, according to The Huffington Post, are fake pages, click-jacking, rogue applications, phishing schemes, and the Koobface worm, which allows hackers to control the victim’s device and replicate the attack to all their Facebook contacts.

Employees also need to be wary of suspicious direct messages on Twitter, where 57 percent of users are considered “questionable,” according to CNET News.

Don’t forget mobile security.

As more and more companies allow employees to bring their own devices to the workplace and connect to corporate networks through these devices, businesses are placed at a higher risk for cyber threats.

To secure their mobile devices, employees must set a PIN or passcode, which can prevent theft from happening in the first place. It’s also a good idea to install remote locate apps such as Find My iPhone (iOS) and Find My Device (Android) to help find lost or stolen phones should it be necessary.

It would also be a good idea to identify and document the IMEI numbers of mobile devices.

Invest in a managed IT services provider.

While it is highly recommended that you educate your employees on cyber security and have them follow best practices, a managed IT services provider proactively prevents leaks and mitigates damage on your behalf.

Some of the services that a managed IT services provider can provide include keeping employee devices updated with the latest antimalware and antivirus software, applying updates to programs when new versions and fixes are released, and offering guidance on security issues.

In short, a managed IT services provider helps you implement cyber security measures so that you can focus on running your business instead of managing these solutions.