You can implement multiple automated layers of cybersecurity (anti-malware, firewall, DNS filtering, etc.) and still end up with a data breach or ransomware infection.
There’s a human aspect to cybersecurity that can’t be automated away. While you can backstop your users as best as possible with technical IT security protections, you can’t automate away the risk of them being fooled into clicking on a phishing email or fake social media direct message.
The Sophos 2021 Threat Report provides data based upon attacks that happened the prior year to point out things that companies need to watch out for. It turns out that one of the biggest causes of 2020 data breaches was user behavior.
The report states, “A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we’ve investigated.”
What’s basic security hygiene?
It involves things like:
- Creating strong passwords
- Not opening file attachments from unknown senders
- Not clicking links from unexpected emails or messages
- Using a passcode-protected screen lock on devices
- Not reusing passwords across multiple applications
- And the list goes on
One thing that makes it challenging to promote good security hygiene is the fear factor. An employee doesn’t want to get in trouble for accidentally clicking on a phishing link.
They may click on the link, immediately realize they shouldn’t have, but see nothing in particular happening on their PC and think, “Phew! I can just keep quiet about that.” They go about their business not realizing they’ve just released spyware on the network.
Another challenge is getting users to adopt good password habits. They have so many passwords to remember that they can’t possibly remember them all. They’re faced with an impossible policy by their company, so they just quietly continue managing passwords the only way they know how to.
More than 99% of users reuse passwords across multiple accounts.
How Can You Create More Secure Users?
Tackling the human aspect of cybersecurity takes remembering that you’re dealing with human beings, who have different motivators and should be treated as part of the cybersecurity solution, not as a problem.
Rather than addressing cybersecurity in a punitive way, such as “You’d better not do this or else!”, adopt a more collaborative stance, like “How can we work together to keep all our data safe?”
Here are some of the ways you can use that approach to strengthen the security hygiene of your users.
Make Engaging Training Available Regularly
Which scenario sounds better to you?
- Sit through 2 hours of someone talking at you about cybersecurity once a quarter.
- Each Friday, take 10 minutes to watch a video or go through a phishing game to hone your cybersecurity skills.
Most people would choose scenario #2.
When you put together a cybersecurity awareness training strategy, look at it from a user’s point of view and ask for your employees’ input.
There are several engaging ways for employees to learn about IT security best practices, including fun animated videos and interactive games. Plus, taking a smaller amount of time more frequently to focus on security keeps the topic at the front of your staff’s minds and regularly reinforces good security hygiene.
Provide Steps for Reporting Incidents
Many employees won’t report a strange popup on their computer or the fact that they saw an unattended laptop in the breakroom with personal information on it. Not because they’re trying to hide something, but because they don’t know who to tell or if it’s important enough to bother anyone with.
You can improve the chance that a potential security problem is caught early, before it results in a major breach, by providing clear instructions on how to report incidents.
You may even want to set up a special email address for users to email to report a security issue. This way they don’t feel like they’re “bothering the boss with something that could be nothing.”
Remind Employees They’re Also Protecting Their Data
Data breaches at companies don’t only impact your customer records or company files; they can also impact employee personal information.
Companies need to store employee Social Security numbers, home addresses, phone numbers, and sometimes bank account data for direct deposit. All that data could potentially be breached if just one PC was infected with spyware.
When employees realize that cybersecurity is personal, they may be more careful about their own security habits.
Need Help Improving Your Cybersecurity Protection?
Magnify247 can help your Hamilton County business with a top-to-bottom approach to your cybersecurity, including both technical and human elements.