PUBLISHED 7 February 2023
Cyber security has become a regular news item in the media in recent years, from high-level politicians using personal email accounts to send confidential documents, to defence officials picking up unidentified memory sticks and plugging them into government computers, to streaming services and car dealerships leaking the personal data of millions of customers. The types of incidents vary, but we hear of them occurring on an almost daily basis and no industry is being spared the pain.
The worldwide cost of cyber crime is estimated to reach over £8 trillion by 2025, and cyber threats and risks are a constant danger to us all, both at home and in the workplace. The kinds of threat differ greatly, and those perpetrating them range from lone-wolf criminals to state-sponsored hackers, but we must all be prepared to guard against them and everybody needs to have a grasp of the basic principles of cyber security.
It is us regular users who remain the greatest vulnerability to the computer systems that we use and to the confidential data that we store on our personal laptops, or that our organisation stores on its network. Around 75% of successful breaches occur due to human error or negligence, mistakes that expose us to both reputational and financial risk.
With Safer Internet Day taking place today, what better time to ask the questions: how do we overcome these threats, and how do we ensure that we are secure and not exposed to such risk?
Leadership is key to creating and promoting a culture of cyber security in the workplace, as the attitude of an organisation towards the subject plays a major role in how employees integrate it into their working days.
If those at the top of the organisation, and those in management, embrace cyber security as a priority and make sure this message is clearly communicated, then it will be taken more seriously, thus enhancing awareness and mitigating risk. It is not realistic or fair to expect frontline staff to be motivated about cyber security if management are not committed to the mission.
It is mandatory that management at all levels build a positive attitude towards awareness and encourage the workforce to become enthusiastic about building a culture of cyber safety. Transfer of knowledge and best practice within the workplace is the number one way of doing this, and that can only be done by ensuring communication plans and education are in place.
Education and Training
Too often employees are caught unaware, giving cyber criminals an unfair advantage. Negligence allows hackers to use even the most basic techniques to gain access to your confidential information.
Put in place a training plan, and hire an expert team, to provide your workforce with the critical skills that they need to combat those criminals. The training can be self-paced and run throughout the year, and communication on any increased threats should also be provided to ensure staff remain up to date.
Ongoing training is key, with unscheduled simulated exercises being used to upskill employees and ensure your company assets are safe in the hands of an educated workforce. Your workers should be able to spot suspicious emails and know where to report them, and, especially in these days of working from home and workplaces being split between multiple locations, when to connect to VPNs and how to keep their portable devices safe and secure.
You do not want to be in the middle of a cyber attack the first time you think about it – you should be prepared and ready for it in advance!
Planning and Implementation
You should have a communication plan for when that cyber attack incident does take place. It should be created with the least technically minded staff as a priority, taking into account the applications that are most widely used and that contain the most sensitive data.
Strong passphrases and multi-factor authentication should be in place, and access should be restricted to only those who need it. The days of everyone in the company having the same passwords and access level to applications should be long gone!
It is also vitally important that you know exactly what you are protecting and take an inventory of all the hardware and software that may be exposed – you can’t defend what you don’t know you have!
Planning cannot guarantee ultimate effectiveness against human error, but lowering risks and managing these mistakes is achievable, and internal awareness can assist in developing a cyber secure culture in the company.
Creating a secure environment requires constant effort from everyone, and it is a key focus of the workplace that all employees know they are responsible for cyber security.
With training and planning in place it is important to maintain that safe culture, and build it into thinking and planning throughout, ensuring that it is part of how work is done.
Online safety best practices are everyone’s responsibility and security should be ingrained in all parts of the work environment, with those ongoing tests and communications becoming familiar so that workers are invested in the changes taking place.
A business must collaborate with every role, function, and department in the organisation to combat cyber threats, and regular communication should be used to sustain the new culture. Posters, newsletters and reminders are just some of the effective ways in which important security themes can be instilled further.
Safeguarding your organisation against cyber attacks is a priority in this day and age, and one that must become part of the culture and identity of the workplace. This can only be done by keeping employees interested, engaged, and invested in the process, and when you do that, you can be sure that you are doing your best to defend against the ever-evolving world of cyber threats.