How Much Do Your Employees Actually Know About Cybersecurity?


In 2017, the globally known company Deloitte faced a cybersecurity crisis: a cyber attack compromised the data of their blue-chip clients. The reason? The admin account that had access to their global email server did not have two-factor authentication.

Another catastrophic data breach took place at American Superconductor Corp (AMSC). That incident was caused by a former employee who brought the company’s intellectual property to his new employer, Sinovel. To make matters worse, Sinovel and AMSC are competitors. As a result of this former employee’s treachery, AMSC’s losses exceeded $1 billion. Plus, they almost went out of business.




Do You Think It Will Never Happen to You?

These stories may seem like it-will-never-happen-in-my-company narratives. But let’s agree on this: your partners, your suppliers, your third-party vendors, and your current employees all represent a significant threat to your cybersecurity. Nonetheless, studies reveal that companies often miss this fact. When they do, they end up suffering sometimes ruinous losses.

A report from Shred-it shows that employee negligence—for example, an accidental loss of a device—caused 47 percent of organizations’ data breaches. Moreover, these data breaches cost organizations an average of $3.6 million globally in 2017. The report also revealed that more than 25 percent of respondents leave their computers unlocked and unattended. These numbers prove that even small mistakes can backfire and cause significant harm.

So, what actions could you implement to minimize the risks of a data breach in your company?


  • Communicate the Idea of Cybersecurity to Your Employees Clearly, Consistently, and Often

First of all, before you start, take the time to analyze the weakest points in your company’s cybersecurity. Then, define your company’s cybersecurity policy based on those weak points.

However, don’t forget to add basic information about how to read URLs. You want your employees to be able to recognize malicious emails or phishing attacks. What’s more, if your company has remote workers, ensure that those employees apply good cybersecurity practices outside of the office.

If you already have a good cybersecurity policy in hand, start a cybersecurity onboarding program for your employees based on that. However, remember that new vulnerabilities arise every day. Therefore, your IT department should continuously work to inform employees about possible types of attacks. Communication is key. Moreover, leaving your cybersecurity policy in a drawer is not an option.


  • Ensure Passwords Are Strong Enough

Remember Deloitte’s case mentioned earlier? A weak password cost them a lot. Make sure your employees understand the difference between strong and weak passwords. Two-factor authentication (also known as multi-factor authentication) is a way to ensure additional protection. Implementing two-factor authentication in your employees’ daily practices can be a huge step forward.


  • Communicate the Importance of Encryption

A study by Zug revealed that 70 percent of professionals work remotely at least once a week. Around 53 percent do so for at least half of the week. However, according to the study, more than half of small business owners admit they don’t have a cybersecurity policy for their remote workers.

If you are in a similar situation, you need to make sure your remote employees’ Internet connections are as secure as those of your in-house employees. This can be tricky, as unsecured WiFi at various coffee shops can pose a serious threat to employees working remotely.

One of the solutions for upgrading security to the next level is a third-party VPN (virtual private network) service. A VPN can encrypt traffic and establish a secure, private connection between the user and the Internet. By rerouting all traffic that travels between the device and the web’s servers, a VPN creates a secure tunnel that is virtually impenetrable.

However, choose your VPN wisely. Look for the ones offering a no-logs policy. That’s because if your VPN retains user activity logs, third parties could get access to your transferred data.


  • Help Employees Understand the Importance of Backups

Your employees don’t necessarily know how important backups are. They also might not understand that sometimes backups don’t work.

In some cases, when a cyber-criminal takes over access to a computer, the victim panics and even thinks about paying a ransom to get their files unlocked. Companies are the primary target for criminals who carry out this kind of attack. And this comes as no surprise, as firms are often ready to pay much more than individual users are to get their important data back.

Therefore, take the time to teach your employees the 3-2-1 backup rule. This rule suggests keeping three copies of all data. They should be stored on two different media, and one backup copy should be stored offsite. If something terrible happens, you can quickly restore data and avoid the possible stress and losses.
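To make the rule concrete for an IT team, here is an added example (not part of the original article) that audits a backup inventory against 3-2-1. The inventory, dataset names, and media labels are constructed, and counting only copies whose last test restore succeeded is an assumption of this example, reflecting the point above that backups sometimes don't work.

```python
from dataclasses import dataclass


@dataclass
class Copy:
    dataset: str      # what is being protected
    medium: str       # where the copy lives, e.g. "nas" or "cloud"
    offsite: bool     # stored away from the primary location
    restore_ok: bool  # last test restore of this copy succeeded


def audit_321(copies):
    """Return {dataset: [problems]}; an empty list means 3-2-1 is met."""
    report = {}
    for ds in sorted({c.dataset for c in copies}):
        # Assumption of this example: a copy that fails its restore
        # test does not count toward the rule.
        usable = [c for c in copies if c.dataset == ds and c.restore_ok]
        problems = []
        if len(usable) < 3:
            problems.append(f"{len(usable)} usable copies, need 3")
        if len({c.medium for c in usable}) < 2:
            problems.append("copies are on fewer than 2 media")
        if not any(c.offsite for c in usable):
            problems.append("no usable offsite copy")
        report[ds] = problems
    return report


# Constructed sample inventory (not real data).
INVENTORY = [
    Copy("finance", "server-disk", False, True),
    Copy("finance", "nas", False, True),
    Copy("finance", "cloud", True, True),
    Copy("hr", "server-disk", False, True),
    Copy("hr", "nas", False, True),
    Copy("hr", "cloud", True, False),   # exists, but the restore test failed
    Copy("design", "laptop-ssd", False, True),
    Copy("design", "laptop-ssd", False, True),
    Copy("design", "laptop-ssd", False, True),
]

if __name__ == "__main__":
    for ds, problems in audit_321(INVENTORY).items():
        print(ds, "OK" if not problems else "; ".join(problems))
```

In this sample, the "hr" data looks compliant on paper but fails because its only offsite copy cannot be restored, and the "design" data has three copies that all sit on one device.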


Strong Cybersecurity Is an Ongoing Concern

Creating a strong cybersecurity culture in your company won’t be a one-day job. On the contrary, it’s a never-ending process with a single primary goal. This goal—changing your employees’ mindset—is not an easy one to reach. However, work diligently toward helping employees understand that small habits are of enormous importance. What’s more, all of those small habits will pay off in the long run.