Cyber Security Starts in the Workplace
Good workplace cyber security hygiene can mean the difference between an attempted attack and a massive data breach.
A recent Dell End-User Security Survey found that 72 percent of workers are willing to share confidential company information without relying on the organization’s data security rules. Even one instance of bad actors phishing for this kind of information could prove to be detrimental to a business.
From education to updating patches, there is a myriad of small steps to take that will add layers of extra protection to a company or federal agency’s networks and devices.
Often times an employee is unaware of the security threats surrounding them. It’s doubtful they’ve heard of WannaCry or even know why a patch could save them from inviting cyber-invaders.
Those in the IT community can suffer from the “curse of knowledge,” meaning because we’re so deeply embedded in the security world we forget that average workers aren’t generally as plugged-in.
Employers should develop targeted training programs that help those who don’t understand the basics of cyber security and the things they can do on a daily basis to help mitigate the threat.
For example, Cisco sends out a quarterly phishing exercise email to every employee. This gives them a chance to become more skilled at spotting cyber attacks in a setting where, if they make a mistake, it won’t mean disaster. If a worker does click on the phishing email, they are notified and trained on how to better spot actual attacks.
In a Gartner blog from last year, analyst Avivah Litan proved how effective thoughtful training can be for a company. In 2014, a large Midwest energy firm set out to educate its workforce on cyber security and installed a team of business leaders across all sectors that met regularly to discuss and deploy education initiatives.
The results? The energy firm’s security instances dropped from over 400 in 2014, to less than 100 in 2016. That’s an 80 percent reduction and it didn’t take a system overhaul to do it.
The National Cyber Security Alliance, a cyber security awareness group made up of top technology leaders, suggests laying out a clear program and guidelines for employees to follow. The simpler, the better.
Some suggestions include:
- Clear cut rules for what programs, apps and data workers can install and keep on their computers
- Best practices for strong passwords, including adding numbers and symbols as well as updating them frequently
- Instructions and reminders on how to properly and safely back up work
- Channels for speaking out if something seems strange on a worker’s device
These may seem like simple, mindless suggestions, but often employees don’t know the answers to these basic questions. Codifying them can be a huge help and streamline the education process.
Beyond the Office Walls
Cyber security in the workplace isn’t just relegated to the physical space. With nearly a quarter of the U.S. workforce telecommuting at least part of the week, the “office” has become any place with a Wi-Fi connection. And that’s as potentially dangerous to a company or government agency as working inside the physical office itself.
According to Iron Bow partner Cisco: “Many people equate ‘free’ Wi-Fi with ‘safe’ Wi-Fi, but that is simply not the case. With the connected workplace expanded well beyond company walls, both employers and their mobile workers need to approach online security differently.”
Employees should make sure their personal digital devices are always updated with the latest patches and bug fixes. This may seem like a small step in the sprawling landscape of cyber attacks, but recent breaches have proven otherwise. Both WannaCry and Nyetya attacks could have been prevented if users had upgraded their Windows devices to include a patch that closed up the vulnerability. That patch was made nearly two months before the WannaCry attack, but hundreds of thousands of people failed to update their devices.
Make Cyber Hygiene a Priority from the Top, Down
All of these suggestions are the least a company or agency can do to make sure their employees are practicing good cyber hygiene. There are many more ways to affect that goal, but the most import action to remember is that everyone, from the CEO or administrator on down, must be proactively committed to cyber security best practices in the workplace.