3 Solid Cybersecurity Tests for Your Employees

Cybersecurity is a prime concern of many modern businesses. And it should be – a direct cyber attack can cost businesses as much as $40,000 per hour. It doesn’t take much time for the costs to become dangerously large.

So how can organizations begin to protect themselves from these malicious threats? The most common first step to comprehensive defense is proper employee training.

A staggering 55% of organizations have had a security incident or data breach due to a malicious or negligent employee. These disasters are often extremely costly, but the good news is that they are easily avoidable.

60% of survey respondents believe employees lack adequate knowledge of cybersecurity risks. Informing your employees of the lurking cyber threats is an important first step in protecting your company. Proper employee training can significantly reduce the chances of a cybersecurity attack striking an organization.

Here are three solid approaches to cybersecurity tests that will keep your employees more secure than ever before.

Workspace Inspections

One of the biggest concerns in cybersecurity is the immediate physical security of employees' workspaces. Many people leave their passwords physically written somewhere around their workspaces. The worst offenders will go as far as leaving their account names and passwords on sticky notes on their computers.

To combat this threat, you must perform random workspace inspections. Aside from helping you keep a clean office, they can clearly show you who is taking their cybersecurity seriously. From there, you can establish a reward system for those that pass the test to incentivize employees to follow proper physical security procedures.

Cybersecurity Knowledge Quizzes

Another important aspect of workplace cybersecurity is the overall security knowledge of employees. You should regularly send articles and notices of the latest cyber threats, including what to look for to avoid them and how to tell if an infection has occurred.

Your organization should also hold cybersecurity seminars – once a quarter should be plenty. Take the time during these meetings to showcase proper cybersecurity habits, such as regularly changing your passwords and locking your computers when you step away from them.

After sharing this cybersecurity information, ensure that employees are retaining their knowledge by administering multiple-choice quizzes. Just like with the workspace inspections, you should incentivize those that perform well on these tests with various types of rewards.

Simulated Phishing Attacks

Phishing attacks trick people into willingly clicking on malicious links and dangerous viruses. You’ve undoubtedly heard of them – one of the most popular is the “Nigerian prince” scam.

These cyber attacks are easily avoided by those that know what to look for, and they’re commonly clicked on by those that don’t. Though there are many different kinds of phishing attacks, the most common kind will come through as a seemingly innocent email.

You can run simulated phishing attacks that don’t contain malicious viruses. Instead, they simply inform you which of your employees fell for the phishing attack. When the test is completed, you must re-train all those that failed the test with proper cybersecurity policies. After all, it just takes one person to let a nasty virus into your network.

Cybersecurity for Your Business

Testing your employees properly takes a certain effort and coordination that you simply may not have time for. However, you can’t afford to let your cybersecurity efforts slip through the cracks.

But don’t fear – Diverge IT is here to help. We can bolster your cybersecurity and make it airtight, giving you the freedom you need to work on what matters to you. Ready to get started? Contact us.

The Top 3 Security Mistakes Employees Make

Network security is a chief concern of many organizations throughout the world. 75.6% of organizations encountered at least one successful cyberattack within the past 12 months. And though the rate of cyberattacks is not going to decrease anytime soon, it’s important to recognize why it’s so high.

The ideal network security efforts for organizations typically involve advanced devices and programs such as next-gen firewalls, antivirus software, and encryption programs. Despite these effective tools, the first line of defense should always start with the employees of the company.

Without proper security training, employees are prone to making mistakes that they could otherwise easily avoid. Here are the top three security mistakes employees are making.

1. Reusing Passwords

The perfect password should be a combination of lowercase and uppercase letters. It must contain both letters and numbers, and special characters if allowed. Picking the perfect password isn’t difficult, but picking the perfect password multiple times can get extremely tedious.

Unfortunately, it’s nearly unavoidable. Multiple accounts require multiple passwords. To try and bypass this, employees will often reuse the same password across multiple (and usually all) accounts. It may be easier to remember the password, but it also poses a large risk. If a hacker came to know your password for one account, they would gain entry into every other account.

2. Using Unsecured Networks

It’s increasingly common for employees to use mobile devices for work purposes. That’s great for productivity and flexibility – but it also poses new risks. For example, users may sit down at a coffee shop to grab a drink and check their emails. Without thinking about it, they connect to the Wi-Fi network.

The importance of proper encryption cannot be overstated. If the coffee shop uses an unencrypted and unsecured Wi-Fi network, a malicious actor can easily connect to the same network and access the machines connected to it. In other words, you’re handing someone information without meaning to. Sending an email or sharing a file with sensitive data in it can pose a huge security risk on an unsecured network.

3. Neglecting Physical Security

IT infrastructures are constantly bombarded with cyberattacks from everywhere on the internet. However, the attacks aren’t always based on the internet. They come from within the workplace itself and stem from a lack of physical security. When a user gets up and walks away from their computer without locking it, they invite trouble.

In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by insiders. Of these attacks, three-quarters involved malicious intent, and one-quarter involved inadvertent actors. Malicious actors can simply access an unlocked device and grab whatever data they need. From there, they can do whatever they want with it… leaving your innocent employee liable for a potentially devastating data breach.

What to Do About Security Mistakes

Your employees aren’t actively trying to let cyberattacks into your network. But without proper security training, they still pose a risk that software or hardware can’t account for.

Keeping your employees informed is a powerful way to drastically reduce the chances of your organization suffering a cyberattack. If you’d like to learn more about how we can help you with security awareness training, contact us today.

6 Simple Steps for Better Business Security

You’re sitting at your desk and you’re innocently browsing your emails. You click on one with a strange subject line, insisting you must open “an critical attachment”. Without much thought, you open the attachment and – oh great, you’ve been hacked. IT support spends hours trying to contain the breach.

Oops.

A week later, your phone rings. The person at the other end of the call claims to be an IT technician. They say that they’ve got to run routine maintenance on your PC, but they’ll need your username and password to complete it. You’re used to the ol’ IT update game, so you think nothing of it. You go about your business like normal, until… your computer suddenly gets remote controlled, locking you out.

You’ve been hacked. Again.

What Gives?

Most companies would be quick to blame the employee in these situations. However, that’s not the full story. The problem isn’t that employees are easy to fool, or that they’re not smart enough. The truth is they’re untrained and unprepared.

75.6% of organizations encountered at least one successful cyberattack within the past 12 months. That’s a scary statistic. But it doesn’t mean all hope is lost – adequate training can dramatically reduce this number.

How’s that, you ask?

Start by following these six simple steps that fight back against business security threats.

1. Get Better Passwords

Passwords exist pretty much wherever there’s sensitive data involved. There’s a 17% chance we know your password. Is it 123456? If it is, please go change your password right now. Password security is simultaneously one of the easiest things to take care of, and also one of the most annoying.

Modern computer users have to remember dozens of passwords for individual sites and applications. Even so, it’s important to have a good password consisting of uppercase, lowercase, and numerical elements. If possible, throw in some special characters too.

2. Lock It Up

Improved password security is a great start, but there’s plenty more to do. Here’s another highly important habit that all employees need to get into: locking their computer. In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by insiders. Of these attacks, three-quarters involved malicious intent, and one-quarter involved inadvertent actors. Physically accessing a machine is easy as pie whenever it’s out in the open like a sitting duck. (No offense, ducks – it’s not like you can read this whitepaper).

When you lock your computer, you’re adding another level of security that a malicious person has to get through. Network administrators can also establish policies throughout domains that lock people out of computers after a certain number of attempts for even more protection.

3. Keep It Clean

When you store a lot of stuff on your computer, you’re giving viruses and malicious applications a wide range of places to hide. An infected document is hard to find among a sea of clutter. But with the proper usage of folder structures, computers become easier to manage for both IT departments and employees.

After all, it doesn’t take much to fill up the desktop and have it turn into a word-search game (and people always manage to do just that).

4. Save to Secure Devices

IT departments should discuss the importance of saving documents in appropriate folders. Employees usually don’t have the option to back up their own data, so this tip requires collaboration between administrators and computer users. Employees should be trained to save their files to specific folders, hard drive partitions, or network devices. From there, IT admins need to regularly back up that data to safe locations. In the event of a disaster, restoration of data becomes easy.

5. See Something? Say Something

Employees should never be hesitant about flagging suspicious activity. After all, it’s always better to be safe than sorry. If a user receives an unusual email with an odd attachment, you need to give them access to IT support that can answer their question. Yes, it’s possible that Carol from HR will flag a Java update eight times in a row… but it’s also possible that you catch something far nastier, such as a ransomware virus or a phishing attack.

6. Stay Informed

Lastly, an easy way to improve business security is to just keep your employees informed of the latest changes in the network security landscape. While it may not always be a riveting read, sharing the occasional IT security article here and there throughout the office can be a great boon to your security strategy.

What better way for employees to prepare for possible incoming cyber threats than to read about them directly?

Better Business Security for You

Implementing the tips listed in the six steps can drastically change the effectiveness of your business security strategy. Your employees will be better prepared with proper security habits and an overall improved knowledge of lurking threats. However, there are two drawbacks:

Time and effort.

Proper security awareness training can take a lengthy amount of time. Without the right people conducting that training, you may just waste precious time. Of course, efficient training stems from a hefty amount of effort too. You may not be equipped to run effective training sessions and informative events, but luckily for you, that’s what we’re here to do.

Diverge IT can help you with your security awareness training. To find out more about how we can boost your business security and keep your organization safer than ever, shoot us a message.