Every business, no matter its size or industry, is entrusted to protect sensitive information, such as employee information, customer databases, financial details, vendor information, company projects and pricing, and more. When this data is compromised, and a cyber-attack occurs, you may lose the trust of those you do business with and even suffer substantial financial setbacks due to lost business and costs associated with dealing with damages.
October is National Cyber Security Awareness Month, and the United States Department of Homeland Security is reminding everyone that cyber security is a shared responsibility. You can’t rely solely on your IT department – every employee in your organization must work together and do their part to protect your company’s data and actively keep cyber security top of mind.
We’re all aware of the damage a cyber-attack can cause. Equifax, Yahoo, Target, Sony, and eBay are just a few of the victims of cyber breaches that exposed the personal data of billions of consumers worldwide.
In today’s technological society, investing in the proper tools to keep your company’s data secure is essential. Cyber-attacks are becoming more advanced and being prepared can mean the difference between staying afloat and going out of business.
According to the Online Trust Alliance, the number of cyber incidents targeting businesses almost doubled from 82,000 in 2016 to 169,700 in 2017. Of those incidents, 93 percent could have been avoided with simple cyber security practices.
In addition, research conducted by Cisco in 2017 shows that 29 percent of organizations that suffered a security breach lost revenue. The U.S. Securities and Exchange Commission found that 60 percent of small businesses went out of business within six months of a cyber breach.
Every company should be regularly reminding and training its employees on the importance of cyber security. Whether you have 10 or 5,000 employees, your company has a legal responsibility to protect consumer and employee data as well as the privacy of every entity you do business with.
Is your company prepared in case of a cyber breach? If not, we’ve compiled the cyber security essentials your employees should be practicing daily to help keep your company’s information secure.
Organize regular security awareness trainings so that every member of your organization is educated to understand and recognize cyber vulnerabilities and threats. In addition, employees should be aware of the protocol for using any technology connected to your business’s network.
By creating a company culture of shared responsibility for cyber security, you empower each employee to be a guardian of your company’s data and network.
A well-thought-out cyber security policy can help guide your employees during daily operations and instruct them on the necessary steps to take in the event of a cyber-attack.
Firstly, your company’s security policy should detail preventive measures every employee must undertake to reduce the company’s risk of an attack. This risk management policy should include best practices and procedures designed to keep employee, customer, and vendor data secure. Depending on your industry, your cyber security plan may need to be more or less sophisticated to protect the information your company handles.
Secondly, the policy should provide step-by-step instructions on how a cyber security breach should be reported and appropriately handled. Who should be notified of the attack? What should each employee do following the attack? How should your IT team mitigate and investigate the threat? What happens after the immediate threat has passed? These are the questions your plan should answer and provide instruction for.
Some businesses will choose to create a cyber security plan internally, but many will bring in outside security consultants to identify risks and help develop a plan that can be adapted as your business environment changes.
Once you’ve prepared your employees to properly handle cyber threats, make sure your company is protected from the inside out. Put network restrictions in place to reduce the risk of employee-caused breaches, whether accidental or malicious.
Network restrictions can include limiting who is able to connect to your network as well as what employees are able to do once they’re connected. It’s smart to restrict certain parts of the network to only those who need access. For example, not many people outside your accounting department will need access to files containing detailed financial records. Restrict access to those files to only your accounting department and other executives who need this information on a regular basis.
Use of company computers and accounts should be restricted to authorized personnel only. Make sure your employees do not share company account information or computers with anyone outside the company, even clients or trusted vendors. In the same way, employees may have different levels of access to company software or technology; sharing this access with unauthorized employees should be forbidden. Implementing individualized logins and tracking how these logins are used on company devices can help prevent unauthorized usage.
In addition to safeguarding your internal network, it’s important to secure your company Wi-Fi. Wi-Fi networks can easily be hacked to gain access to company data. Make sure your internet connection is secure and can only be accessed by employees. For guests, set up a separate Wi-Fi network that allows non-employees to connect to the internet in a way that prevents them from accessing things they shouldn’t.
Using the internet wisely and cautiously is one of the best ways your employees can contribute to the security of your company.
Email scams, like social engineering and phishing, are commonly used by hackers to gain access to your company’s network. In fact, 56 percent of data breaches in 2016 were linked to phishing. Employees should be aware of email scams and not respond to or click on suspicious emails. If emails come from an unknown address, have spelling errors or unusual characters, request urgent information not normally requested via email, or have links pointing to suspicious destinations, they are most likely a scam and an attempt to release malicious software onto a computer.
Employees should have rules in place for browsing the internet. Restrict access to certain websites while employees are using computers or connected to your Wi-Fi network. You can use software that blocks employee attempts to navigate to suspicious or potentially malicious websites. Additionally, create a policy that requires employees to receive authorization from IT professionals or someone else within your organization before installing software on a company computer.
It’s important to educate your employees about safely connecting to external Wi-Fi networks. When employees work outside of the office, connecting to public Wi-Fi networks can potentially expose their computers or handheld devices to threats. Instruct employees to only use secure networks while using company devices.
Regularly update company computers and mobile devices as well as any operating systems or software your employees use. Making sure everything is up to date helps protect your company from known threats or vulnerabilities. Out-of-date software exposes your networks to hackers who have discovered security loopholes.
Some companies choose to manually push updates to employee computers to minimize the risk of employees forgetting to update certain programs.
Strong passwords help ward off hackers by making it difficult to gain access to accounts. Train all employees on how to select strong passwords and the importance of having a unique password for each account they use. It’s a good idea to regularly remind employees to change their passwords at least every three months to keep systems secure.
A strong password should:
Some companies are implementing password storage software that securely houses all employee passwords.
Two-factor authentication, or multi-factor authentication, programs add an extra layer of security to employee passwords. These programs require the employee to enter their password and then enter a user-specific code that is typically sent to them via a device only they have access to, like a cell phone.
Remind employees to regularly back up their files and information to a secure location. If information is stolen or goes missing, having backed up files can protect your company from hardship. Encryption and passwords can provide another layer of protection for any stored data.
Perhaps the easiest way for employees to protect company information is to always store and lock company computers, mobile devices, and physical files in a secure location. Never leave company resources unattended where anyone can gain access to them.
Sometimes, training employees about cyber threats isn’t enough – employees with basic cyber security training can only do so much to protect your company from serious threats. As cyber-attacks become more commonplace and security technologies are forced to become more complex, businesses are recognizing the need for fully trained cyber security professionals.
According to CyberSeek, there were nearly 780,000 employed cyber security professionals and 350,000 unfilled cyber positions in the U.S. in 2017. ISACA, a nonprofit information security organization, predicts the number of unfilled cyber security positions could jump to two million around the world by 2019.
This lack of cyber security professionals could leave businesses and organizations open to threats simply because they do not have the skills to catch or stop hackers. Unfortunately, even though cyber security is one of the fastest growing fields, there just aren’t enough trained cyber security professionals to go around. The demand for cyber security skills is astronomically higher than the number of professionals in the job market.
A Global Information Security Workforce Study conducted by (ISC)² found that millennials are not replacing the older workforce in the cyber security industry quickly enough. The study found that only seven percent of cyber security professionals were under age 29, and the average age of cyber professionals is 42. The study also found that the industry is failing to attract not only a younger workforce but also women, who currently make up only 11 percent of the cyber security workforce.
Luckily, colleges and universities are beginning to offer cyber security degrees to help fill the growing need for cyber security professionals.
Rose State College’s Cyber Security/Digital Forensics associate degree program prepares students to enter the exciting world of information security. Students who complete the program will be trained in ethical hacking, networking, data recovery and analysis, basic reverse engineering, mobile and wireless technology, forensic investigation methods, remote access technologies, and more. Upon completion of the program, students will also be prepared to pass industry certification exams.
Rose State is an official CAE2Y Academic Institution for Cyber Defense Education. To learn more about our cyber security program, visit www.getstartedatrose.com/cyber today.