If your business’s cybersecurity consists solely of antivirus and firewalls, you are missing a dangerous area of risk: employees. Internal negligence and mistakes account for a significant portion of cyber attacks. Luckily, the appropriate cybersecurity training to prevent these mistakes is simple and easy for employees to learn.
Password Security
Businesses need to be extra cautious about their password practices in the face of rising cyber threats. Employee passwords should meet the following parameters:
- Must not be a password the employee also uses on personal accounts
- Must be at least 10 characters
- Must not contain dictionary words (opting instead for randomized patterns)
- Must contain lower case letters, upper case letters, numbers, and symbols
- Must be changed at least every quarter
- Must be deleted when an employee leaves the company
- Must require two-factor authentication to reset the password
Avoiding Phishing
Reports show that up to 91% of cyber attacks begin with a phishing attempt. Phishing occurs when a criminal emails an employee asking for sensitive data under the guise of being a trustworthy authority. Usually, the criminal poses as a lawyer, vendor, IT specialist, creditor, government regulator, or other imposing figure. The well-meaning employee then releases either the sensitive data itself or the means to access it. Employees report that they responded to these malicious emails out of curiosity, fear, or a sense of urgency that kept them from clearing the response with a superior first.
Training employees to recognize and report phishing attempts can reduce the risk of falling victim. Running simulations can help demonstrate the difference between a legitimate email and a phishing attempt.
Unsecured Wi-Fi and Devices
Employees should be trained to avoid unsecured Wi-Fi and devices. Any Wi-Fi network that does not require a password is considered unsecured; these are commonly found at coffee shops, printing studios (like Kinkos), airports, etc. The same risk also exists in other places where Wi-Fi passwords are widely shared.
Unsecured devices are a risk to the business, too. The risk arises most often when employees use their personal desktop, laptop, tablet, or smartphone to access business information. When these devices are not protected by antivirus software, they are susceptible to cyber attack.
Review Cyber Liability Insurance Policy
Cyber Liability policies can protect a company’s assets if it is breached, even if an employee is at fault. Most policies cover legal fees, government fines, IT overtime, data recovery, credit card company penalties, and consumer credit monitoring. However, some policies may require proof that the company conducted Cyber Security Employee Training to help show an attempt to mitigate the company’s risks. Businesses must have a cyber liability policy and should review any obligations