Developing better cyber security habits at work – a job for all of us
There are numerous factors to this, from legacy infrastructure that no longer meets modern security standards to the increasing interconnection of physical and digital systems, which presents a whole new set of security challenges. Combined with the increasingly stringent compliance requirements many sectors must consider, modern cyber security ecosystems are evolving at an unprecedented rate to ensure organisations are able to stay several steps ahead of criminals’ increasingly devious, sophisticated, and aggressive methods, avoiding the financial and reputational damage of a successful attack.
But despite the growing sophistication of data security systems and a generally higher standard of best practice, organisations are still most at risk of a breach due to one key factor: human error.
The most common – and sadly, effective – method utilised by cyber criminals is social engineering, i.e. tricking members of staff into divulging information that can be used to access corporate infrastructure. In light of this, ensuring data remains 100% secure at all times is just as much a question of ensuring staff are properly trained to spot potential attacks as it is of implementing the right technology infrastructure.
In other words, cyber security is everyone’s responsibility, not just IT teams.
So, with that in mind, how can staff make good security practices a standard part of their working lives, whether they’re working from the office, at home, or on the move?
Here are a few practical steps you can take today…
- Establish robust corporate security policies. Corporate security policies should be regularly reviewed and updated in the light of the most recent threat intelligence, with regular training and refresher sessions provided to all staff.
- Don’t forget about physical security. Hackers won’t just try to access data remotely. They may also attempt to gain access to the office in person, by following an authorised person inside, where they can then plant devices (USB sticks, for example) that will introduce malicious software to the system. All staff should be conscious of who is allowed access to office space and be willing to challenge anyone who cannot justify their presence.
- Be inherently suspicious of email communications. This goes for emails that purport to come from within the organisation, as well as from external senders, as a common tactic utilised by cyber criminals is to disguise emails with malicious links or attachments to look like official communications. Staff should be trained to look for the typical giveaways, like incongruous or nonsensical subject lines, spelling mistakes, or unfamiliar senders. In particular, be wary of clicking on links or attachments, as this is one of the most common causes of security breaches.
- Use strong passwords… and change them regularly! Criminals are particularly adept at working out passwords, which means it’s important for staff to avoid anything simple or obvious, utilise different passwords for each website or application, and change everything on a regular basis.
These are all very much first steps, as a true cyber security culture will be constantly evolving, as new threats reveal themselves, and new technologies and methodologies develop in response.
To find out more about developing your own teams’ cyber security awareness, we invite you to explore our exclusive report, Create a Cyber Resilience Plan for Your Business.