Companies continue to face new cybersecurity challenges with the rise of remote and hybrid working. This October, we conducted surveys in over two dozen client organisations to learn about the cybersecurity awareness of their staff.
Cybercriminals are aware of these vulnerabilities and are increasingly targeting remote workers. In fact, a recent study by IBM found that the number of cyber attacks targeting remote workers increased by 72% in 2022.
In October 2023, Skillcast undertook a survey of its customers to benchmark cybersecurity awareness amongst employees. It highlighted a training and knowledge gap in most areas, but particularly within social engineering and phishing. Numbers indicate the Net Preparedness Score of employees across 26 companies for each cybersecurity risk.
Firstly, staff need to keep communication lines open with their IT team so they can easily get advice or ask for assistance.
Sometimes, the easiest way to access sensitive information is through physical means. If staff have a dedicated workspace, they need to ensure it is physically secure and never leave sensitive documents or devices unattended.
Once that hurdle is overcome, staff need to consider a number of other risks that are heightened outside of the office environment.
Staff must keep their software and devices up to date. Software updates often include security patches that can help protect devices from malware and other threats.
Regularly backing up data can mitigate the risks of a data breach or other security incident. Finally, hard drives should be encrypted to make it more difficult for unauthorised individuals to access data if a device is lost or stolen.
Although having a strong password may seem obvious, World Economic Forum research shows that 80% of all breaches are due to weak passwords.
That's why educating your staff on the principles of strong passwords and the advantages of using password management tools is crucial.
Train your staff to create strong, complex passwords, stressing the need to avoid using easily guessable information like birthdays or names. Passwords should be at least 12 characters long and include a mix of upper and lowercase letters, numbers, and symbols.
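The rule above can be checked automatically when a password is set. The following is an added example, not part of the original article or any Skillcast tool: it tests a candidate password against the 12-character minimum, the four character classes, and the advice to avoid names and birthdays. The function names, the substitution table and the sample profile are assumptions made for illustration.

```python
import re
from datetime import date

MIN_LENGTH = 12  # minimum length given in the article
CLASSES = {      # the four character classes the article asks for
    "uppercase letter": r"[A-Z]",
    "lowercase letter": r"[a-z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",  # anything that is not an ASCII letter or digit
}
# Undo common letter substitutions so "J@ne" is still recognised as "jane".
LEET = str.maketrans("013457@$!", "oieastasi")

def birthday_forms(birthday):
    """Digit strings people commonly derive from a date of birth."""
    d, m, y = f"{birthday.day:02d}", f"{birthday.month:02d}", str(birthday.year)
    return {y, d + m, m + d, d + m + y[2:], m + d + y[2:],
            d + m + y, m + d + y, y + m + d}

def check_password(password, names=(), birthday=None):
    """Return the list of rules the password breaks (empty list = acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for label, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"no {label}")
    lowered = password.lower()
    plain = lowered.translate(LEET)
    # Names shorter than 3 letters are skipped to avoid accidental matches.
    if any(len(n) >= 3 and (n.lower() in lowered or n.lower() in plain)
           for n in names):
        problems.append("contains a personal name")
    if birthday and any(form in password for form in birthday_forms(birthday)):
        problems.append("contains the date of birth")
    return problems

if __name__ == "__main__":
    # Constructed sample profile and passwords, for illustration only.
    profile = {"names": ["Jane", "Smith"], "birthday": date(1990, 6, 14)}
    for candidate in ["Summer2024", "J@ne-Smith-140690!", "plum-Tractor-92-voyage!"]:
        print(candidate, "->", check_password(candidate, **profile) or "OK")
```

The second sample password satisfies the length and character-class rules yet still fails, because it is built from the owner's name and birthday.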
Also, highlight the benefits of using password management tools. These tools securely store and encrypt passwords, enhancing security and protecting sensitive information.
Explain the critical importance of being vigilant in all online communications.
Cybercriminals often impersonate trusted individuals or organisations. Phishing involves fraudulent emails or websites impersonating legitimate sources to steal personal information, such as passwords or credit card numbers.
Phishing attacks are constantly evolving, employing increasingly sophisticated tactics to deceive users. So, you need to train staff on how to identify phishing attempts.
Staff should be wary of emails from unknown senders and never click on links or open attachments in emails unless they are sure they are legitimate. They need to verify the identity of anyone requesting sensitive information, particularly in unexpected or unsolicited communication, even when names seem familiar.
By fostering a culture of vigilance, your staff can significantly reduce the risk of falling victim to social engineering attacks, a common gateway to identity theft and fraud. This vigilance is crucial for maintaining online safety and protecting sensitive data.
Home routers connect staff to the internet and will not have the same levels of protection as office-based servers. Public Wi-Fi networks are likely even worse, so staff should avoid them for work-related activities whenever possible.
Router security is key to safeguarding the home network. Changing default router passwords is a fundamental step to prevent unauthorised access.
Staff should also enable WPA3 encryption for Wi-Fi networks and set up strong, unique Wi-Fi passwords to protect against unauthorised access.
Better still, enable a Virtual Private Network (VPN) for remote workers. A VPN creates a secure tunnel between your device and your company's network, encrypting your traffic and protecting your data from prying eyes.
Encourage the use of two-factor authentication (2FA) for online accounts whenever possible. It adds an extra layer of security by requiring a one-time code sent to the user's mobile device during login, which makes unauthorised access harder.
Highlight the significance of 2FA in bolstering account security and how the dynamic element can deter hackers.
Cybercriminals can use social media to gather information about you and your company, which they can then use to launch attacks.
Guide your staff in adjusting privacy settings and using social media responsibly. Explain that limiting publicly accessible personal information and managing app permissions are vital for minimising identity theft risk.
Encourage your staff to proactively manage privacy settings on social media and online services, expressing the importance of restricting publicly accessible personal information to limit exposure to potential threats.
Explain that managing app permissions helps control data access, ensuring that only necessary information is shared with third-party applications and services, thus reducing the risk of identity theft.