According to the ICO, 88% of UK data breaches are caused by human error rather than cyber-attacks.
The most common error is sending sensitive data to the wrong person, which makes up 37% of reported data breaches, the majority of which happen over email. Other errors include loss (or theft) of paperwork and storing data in insecure places such as public cloud servers.
Effective cybersecurity is more than the latest software and firewalls. These things alone cannot eliminate occasional employee blunders, but you can put the necessary steps in place to limit them by creating the building blocks of a strong cyber-secure culture. So we’ve created this list, as a starting point, so that you’re less likely to become another statistic.
Say no to QWERTY
Managing employee passwords is an ongoing struggle for most IT Managers. Ensuring that employees change their passwords frequently, and that each password is complex and unique, is a difficult task to oversee.
Despite knowing better, some employees still prefer to take the path of least effort – with over 70% using personal passwords at work. Therefore, when it comes to password and security awareness, make sure your workforce is reminded that passwords need to be:
- Long, complex and unique
- Changed frequently
- Free of personal details such as birthdays, names of pets and holidays
- Not shared! Even though it may seem convenient in the moment, this could eventually be disastrous.
It also doesn’t hurt to have a two-factor authentication process to create a safety net for compromised passwords.
Secure in a flash
It goes without saying that devices such as flash drives have revolutionised the way we exchange data. Their ease of use, however, can mean that employees neglect basic cyber security measures whilst hastily downloading key data for their next conference or client meeting.
If not secured properly, they can be a liability. They may be small and convenient, but they are easy to lose, and using an insecure one can lead to disastrous data breaches.
Deleting data on flash drives isn’t good enough to protect your assets – find out how to secure your flash drives properly here.
Security over convenience
With sweat-inducing deadlines to meet, many employees won’t consider correct security standards. Choosing to bypass urgent security updates in order to complete work conveniently can compromise the security of a whole organisation if multiple employees are doing it.
You must remind employees that these updates are not intrusive pop-ups of frustration, but a necessary task which means that the security of your network remains a priority.
Reel big phish
Although malware comes from the outside, preventing it from being introduced to your system starts with education on the inside. A workforce with a high level of awareness of common phishing and social engineering techniques will be less likely to be duped by Nigerian princes!
See the presentation by David Emm of Kaspersky from 2019’s Midlands Cyber Security Expo: The What, How, Who and Why of Computer Malware
Remember that attempts to gain credentials have grown more sophisticated in 2019, so make sure that your employees know that they shouldn’t:
- Click on unknown links in emails
- Plug in unknown devices
- Open emails from untrusted sources
Find out how you can create a culture of health and safety for your data here.