No company is ever 100% safe from cyber criminals. This is an unfortunate reality that we must always be conscious of. Keeping yourself and your employees informed is the best possible defence against cyber crime
Many business owners seem to believe the myth that cyber criminals only ever target the biggest companies. This is perhaps unsurprising. After all, when a large business with an international client base suffers a data breach, it becomes big news, whereas if the victim in question is a local retail outlet, less people are likely to hear about it. However, these small and mid-sized businesses certainly need to be careful about cyber security. If you’re a hacker looking for a target, breaking into a few small companies with minimal security measures in place is going to be much easier than trying to hack Amazon.
This is why it is vital that every business owner incorporates cyber security into their daily routine, and the routine of their employees. Cashiers, stock room attendants, cleaners, line managers; they are your soldiers on the ground in the battle against cyber crime, and it is your duty to ensure they are equipped with the right tools.
Here are the best ways to help your team understand how to fight and defend against cyber crime, courtesy of the experts at Syntax IT Support London.
Make cyber security part of your training process for new employees
If someone is applying for a job as a customer assistant, a waiter, or a marketing assistant, they’re probably not expecting cyber security to be a major part of their duties. As their employer, it is your job to ensure that the importance and gravity of cyber security in every area of the business is emphasised from day one of training. It may even be helpful to have an IT expert present for at least a part of the training period.
Starting a new job is a nerve-racking experience for everyone. If a new employee is trying to find their way around their new duties, colleagues and environment, cyber security can easily become less of a priority, unless its importance has been properly reinforced. Any under-trained employee, no matter how little their duties involve the internet, could become the weak link in your armour. It only takes one click of a dodgy email or a carelessly chosen password to bring your business to its knees.
Emphasise the importance of passwords
Speaking of passwords, having a strong one is one of the simplest and most effective ways your employees can scupper any hacker’s attempt to hijack your business. There are a few golden rules you should ask every member of your team to follow when setting up a password, in order to make it as strong as possible. One weak password from a single employee could be the unlocked door a cyber criminal has been waiting for.
The golden rules of password creation are:
- Use multiple characters: a mixture of uppercase and lowercase letters, numbers and symbols.
- It should be AT LEAST eight characters long.
- Don’t make it one complete word. Combine two (or more) words, or make it a series of seemingly unrelated letters and numbers.
- Make sure every employee has their own unique password, and that passwords are not being shared across the whole company, even with small differences, such as a different number at the end.
- Ask your team to change their passwords regularly, ideally at the start or end of every month, but at the very least at the start or end of every quarter.
Following these rules means that any hacker will have a difficult time getting past the first hurdle into your business, making them more likely to give up and move on.
Make cyber security training mandatory for EVERY employee
Cyber security should not be the exclusive domain of a designated IT specialist or department; EVERY employee should be trained in safe internet practices, as well as why such practices – time consuming and tedious as they may be – are so important. Anyone who has to use a desktop, laptop, till, or mobile phone as part of their duties, however infrequently, should know how to use those devices safely.
Learn to recognise phishing emails
A cyber attack or malware infestation doesn’t summon a storm of flashing red lights and wailing sirens. Any cyber criminal worth the name will have more subtle and insidious tricks up their sleeve, with the most common being a seemingly innocuous email.
Most of the biggest data breaches happen because of simple human error, and it’s easy to see why. When an email appears in the company inbox, it’s only natural that an employee – possibly groggy first thing on a Monday morning, or exhausted last thing on a Friday night – will automatically click on it. Hackers are clever people with a keen knowledge of the latest software, so the threat the email poses will naturally be difficult for the average employee to detect. The links within could look exactly like the ten other links they’ve clicked on over the course of their working day, so it’s vital that they are trained to be alert for even the subtlest discrepancies.
To help your team members recognise a suspicious email, teach them to:
- Always check the sender’s email address, and to verify it.
- Be alert for changes in the email’s format, tone, or contents, if it seems to come from a regular contact.
- Not click on any links without verifying them first.
- Always scan attachments.
None of these steps are particularly demanding or overly technical, it’s just a matter of making them a habit.
Keep your team up to date on the latest developments
As anyone with even a basic awareness of computers and the internet knows, the cyber world moves fast. You can be certain that cyber criminals are keeping up to date on the latest malware and hacking techniques, so you and your employees should too. Unless a massive global company suffers a cyber attack, such stories rarely make it onto the mainstream news, so make the effort to seek out these stories, and consider the implications for your business and its cyber security practises. Encourage your team to update and share these stories amongst themselves, and try to hold regular meetings to discuss what you can all learn from the mistakes or misfortunes of others.
Giving your employees training in cyber security should not be the end of the matter. It is important that the skills they have learned are regularly tested, to ensure they do not grow rusty. Listen to any concerns they may have about potential gaps in their knowledge. Work with an IT specialist to test their reactions with a fabricated phishing email, and see how willing they are to reveal sensitive information. The goal of such tests isn’t to call out your employees for their mistakes, but to locate the weak points in your company a hacker might exploit, and help you to address them.
When it comes to understanding cyber security, don’t ask yourself whether you might fall victim to a cyber attack; ask yourself, if someone were to attack you today, would you be prepared?