Whether you are a large or small business, academic institution, non-profit, or a government agency—cybersecurity in the workplace is everyone’s business.
In honor of National Cyber Security Awareness Week, and this week’s theme, we’ve put together a few tips on how organizations can instill a culture of cybersecurity awareness, and how to protect themselves against the most common cyber threats.
Cyber attacks have become commonplace
Cyber attacks have become so frequent across industries that they are no longer a question of if, but when. Hackers are very persistent, and even as companies implement stronger strategies to defend themselves, hackers will work even harder to break through those defenses. Most organizations won’t know they’ve been hacked until it’s too late.
And while we might be sick of hearing about the sheer number of cyber attacks on very large companies that hold our personal and confidential data, keeping the threat of cyber attacks at the top of our minds is the first line of defense.
Do a complete risk assessment
Organizations need to understand not only the internal and external vulnerabilities that can affect their business, but also what kinds of attacks they might be prone to. What points of weakness can lead to common threats: phishing and spoofing scams, social engineering, malware, systems hacking, pharming? Knowing how a cybercriminal can gain entry to an organization’s assets is the second step in developing a strong cybersecurity strategy.
Develop & implement a security policy—and stick to it!
Easier said than done, but developing a security policy that is firmly ingrained into corporate culture is critical to ensure that cyber security is a shared responsibility among employees. What does this mean exactly? Cyber security policy should not be an afterthought but rather embedded into the overall business strategy of the organization. Therefore, every process and every decision must be aligned with the policy, not the other way around. Your employees are your “army” in protecting your corporate assets, so educating them about safe practices, warning signs, and responses to a suspected hack is your first line of defense. Furthermore, implement automatic security processes that remove the burden from the employee and ultimately guard against human error.
Encrypt, Encrypt, Encrypt
Time and time again, some of the largest breaches have revealed that organizations never encrypted confidential and sensitive data. Encryption is often viewed as one of the most tried and true ways to keep data safe, whether that data is stored in a database or in transit between users, browsers, and the cloud. If you are hacked, the only way a cyber criminal can access the data is with the encryption key. Granted, encryption keys should also be stored securely, and separate from the encrypted data. (Learn more about secure key management.)
Pick up the phone
This should be obvious, but verify any financial requests or transactions over the phone (and not via email or chat). Adding another layer of security such as multi-factor authentication can help protect your organization against scammers.
Keep your software up to date
Don’t delay updating your anti-virus software or other security applications. Up-to-date software will help you guard against the latest threats and keep your infrastructure secure.
Practice makes perfect
Remember in school when you had fire drills? These days organizations need “attack” drills. Having a plan of action in the case of a cyber incident, and making sure that your employees know exactly what to do, is crucial for protecting your organization. Each drill will also highlight which gaps still need to be closed in terms of cyber security infrastructure.