Frontline Defense Against Cybercrime: Keep Your Employees From Being Your Biggest Weakness
While there are many ways cybercriminals can find their way into your systems and data, they will always try the path of least resistance, which is through your employees. As discussed in The Easiest Way to Protect Against Cybercrime: 5 Ways to Strengthen and Protect Your Passwords, compromised passwords account for more than 80 percent of all data breaches. But passwords are just one area of concern; there are other ways your employees can unintentionally put you at risk and many other ways to help prevent cybercrime.
#1 Make Your Employees Part of Your Strategy to Prevent Cybercrime
Employees need to understand the critical role they play in the effort to prevent cybercrime—that they are, unfortunately, the most vulnerable because it’s much easier for a cybercriminal to get in through them than through your firewall. The best way to get their cooperation and participation is by making them a part of your cyber-resilience program, acting as one of many layers of security that work together to protect your organization.
#2 Implement a Regular Training Schedule
IT departments get regular training on ways to prevent cybercrime. In fact, they are tested on a regular basis—and sometimes even they fail because phishing attacks and the like can be very sophisticated and because everyone is very busy and moving fast. If that is the case with IT, it stands to reason that employees should also get regular training and testing. Put a schedule in place and make it clear to your employees that this training is as much a part of their job responsibility as their other duties. Start with best practices, like never clicking on an unfamiliar link and reporting anything suspicious.
IT departments typically receive regular communications about the latest methods and scams, from phone to email to social media. Share that with employees as a regular part of training, but do it in a way that is clear, concise, and actionable. Look out for an email with this as the subject line. Don’t click on this link. Don’t look at these texts. Don’t visit that website. Be as specific as possible and communicate with easy-to-read emails that get to the point. Remember that the average click rate with phishing emails is 20-30 percent, and that number needs to be under three percent.
#3 Encourage Reporting
In addition to avoiding opening suspicious emails, etc., employees need to be encouraged to report anything suspicious or concerning around security or other questionable activity. If one employee receives a phishing email, it’s very likely that the same bad actor has targeted others in your company. By reporting, employees help you prevent cybercrime by alerting you so you can take measures to ensure nobody else falls victim to the scam. Be sure to encourage and make it easy for employees to report by putting procedures and tools in place—and make sure employees are trained properly on how to use them. Contact ArcherPoint to inquire about tools available for phishing email reporting.
#4 Optimize And Protect Passwords
Use this as your password checklist:
- Make passwords long, complex, and unique
- Use a password generator
- Use a passphrase (longer password)
- Use multi-factor authentication
- Use a password manager
- Test passwords
- Do NOT use the same password or passphrase in multiple places
- Do NOT save your password in a browser, Excel spreadsheet, or text editor
Don’t Forget To Secure Your Physical Space
In an age when working remotely is much more common, there are still physical offices, warehouses, and factories that need to be protected. Your company can implement a physical security and monitoring system and also require a code or badge to enter the facility, but it’s also important to protect against internal threats. Train employees to keep sensitive information hidden from view rather than out on a desk. The same goes for sensitive information on screens. Some information, like employee files, needs to be kept under lock and key. Make sure your organization has clear policies and procedures and, again, train employees on those procedures rather than assuming they’ll read a manual.
Learn More About How To Prevent Cybercrime
Want to learn more about what you can do to protect your organization? Watch our recorded webinar, Demystifying Cybersecurity with ArcherPoint, where ArcherPoint’s Mathew Schmider discusses best practices around endpoint management, passwords, backups, user education, and more. Then contact us to learn about the tools that can help you implement these practices in your company.