Cybercrime rates keep rising across the globe, and the issue has become a top priority for businesses of all kinds and sizes.
After the devastating ransomware attacks in the past couple of years and in light of new and stricter rules that regulate data protection, the private sector is coming to terms with the fact that a high level of cybersecurity is of paramount importance. As companies nowadays usually hold a vast amount of data from customers, employees and third parties, the risk of being targeted by a hacker is always present. Therefore, training employees to be better prepared for the dangers that lie ahead is a necessity.
Are companies in danger of cybercrime?
As the 2018 Cyber Security Breaches Survey released by the British government revealed, 43% of companies had been successfully targeted by hacker attacks in the previous year – with damages amounting to thousands of pounds. The same report concluded that 19% of charities were also hit, with the average pecuniary loss for charities being £1,030. Costs can, however, run far higher than that: in one recorded incident, a non-profit lost £13,000 after a senior officer's email account was compromised by hackers.
As the study highlighted, charities were typically less likely to seek help and advice, hold training sessions for employees, or draw up written rules on handling cybersecurity issues. The average loss figure rose to £3,100 for companies, with some also reporting the theft of valuable assets and intellectual property. When large enterprises and large charities with an income of at least £5 million were considered, the percentage of those that had experienced a security breach or a cyber-attack rose to 72% for companies and 73% for charities.
The report also stressed the importance of taking even small steps towards ensuring a higher level of security – as even addressing fundamental weaknesses can make a world of difference. According to the same source, the government pledged £1.9 billion towards improving the nation's cybersecurity defences. However, private companies need to step up, too. Educating your employees on the dangers of phishing could go a long way towards successfully fending off incoming hacker attacks.
Phishing is a very common social engineering attack vector, in which a cybercriminal poses as a trusted entity in order to trick the target into opening a message or email. The victim is then duped into clicking a malicious link, inadvertently downloading and executing malware or granting the attacker access to sensitive information. In most cases, phishing scams aim to steal data and make a profit, but they are sometimes just the first step in a wider attack. Hackers can use phishing to gain a foothold in a government or company network and then launch further attacks, such as an Advanced Persistent Threat (APT). As a rule, phishing campaigns target employees in order to obtain their access privileges and bypass the security measures put in place.
How to prevent phishing
What is particularly dangerous about phishing – or at least about well-designed phishing campaigns – is that it typically borrows big industry names that a user would not normally think to double-check. Research published on Statista indicates that Microsoft was the online brand whose name hackers used most frequently in 2018, accounting for 6.86% of total detected scams. Facebook followed closely at 6.37%, while PayPal completed the top three, featuring in 3.23% of cases. While some people would click on any link that seems to come from Microsoft or Facebook, you cannot afford that casual approach when it comes to your staff. Conducting training sessions that focus on spotting phishing scams and employing best practices, such as never clicking links in emails from untrusted sources and instead typing the URL in yourself, should be part of any comprehensive corporate cybersecurity strategy.
Phishing is not the only issue, though. Employees must also learn to take fundamental measures, like choosing strong passwords and updating them regularly. They also need to be on board with the company's wider policy, such as backing up their work and the data they handle on a regular basis so that the company can quickly resume operations even after a loss of data. Simple yet effective security measures that every member of staff must adopt include two-factor authentication when accessing any account linked to the company. 2FA adds an extra layer of defence, as it requires the user to have access to a device such as their smartphone. This is especially crucial for accounts that hold sensitive or banking information. Companies that fall victim to cyber-attacks stand to lose a lot – not only in valuable time and funds spent containing the incident and mitigating its consequences but also in terms of forgone income and client loss.
Suffering a data breach can have a severely negative impact on your brand reputation, leading disgruntled customers to flee to competitors. By investing in cybersecurity and employee training on the most common cyber threats, like phishing scams, companies could greatly reduce the chances of falling victim to a hacker attack.