Developing better cyber security habits at work – a job for all of us
There are numerous factors to this, from legacy infrastructure that no longer meets modern security standards to the increasing interconnection of physical and digital systems, which presents a whole new set of security challenges. Combined with the increasingly stringent compliance requirements many sectors must consider, modern cyber security ecosystems are evolving at an unprecedented rate to ensure organisations are able to stay several steps ahead of criminals’ increasingly devious, sophisticated, and aggressive methods, avoiding the financial and reputational damage of a successful attack.
But despite the growing sophistication of data security systems and a generally higher standard of best practice, organisations are still most at risk of a breach due to one key factor: human error.
The most common – and sadly, effective – method utilised by cyber criminals is social engineering, i.e. tricking members of staff into divulging information that can be used to access corporate infrastructure. In light of this, ensuring data remains 100% secure at all times is just as much a question of ensuring staff are properly trained to spot potential attacks as it is of implementing the right technology infrastructure.
In other words, cyber security is everyone’s responsibility, not just IT teams.
So, with that in mind, how can staff make good security practices a standard part of their working lives, whether they’re working from the office, at home, or on the move?
Here are a few practical steps you can take today…
- Establish robust corporate security policies. Corporate security policies should be regularly reviewed and updated in the light of the most recent threat intelligence, with regular training and refresher sessions provided to all staff.
- Don’t forget about physical security. Hackers won’t just try and access data remotely. They may also attempt to gain access to the office in person, by following an authorised person inside, where they can then plant devices (USB sticks, for example) that will introduce malicious software to the system. All staff should be conscious of who is allowed access to office space and be willing to challenge anyone who cannot justify their presence.
- Be inherently suspicious of email communications. This goes for emails that purport to come from within the organisation, as well as from external senders, as a common tactic utilised by cyber criminals is to disguise emails with malicious links or attachments to look like official communications. Staff should be trained to look for the typical giveaways, like incongruous or nonsensical subject lines, spelling mistakes, or unfamiliar senders. In particular, be wary of clicking on links or attachments, as this is one of the most common causes of security breaches.
- Use strong passwords… and change them regularly! Criminals are particularly adept at working out passwords, which means it’s important for staff to avoid anything simple or obvious, utilise different passwords for each website or application, and change everything on a regular basis.
These are all very much first steps, as a true cyber security culture will be constantly evolving, as new threats reveal themselves, and new technologies and methodologies develop in response.
To find out more about developing your own teams’ cyber security awareness, we invite you to explore our exclusive report, Create a Cyber Resilience Plan for Your Business.