It’s October! That means it’s Cybersecurity Awareness Month. Use this blog as a reminder, and maybe a “wake-up” call, about your organization’s cybersecurity policies.
As a business, you know the importance of ensuring that your data is safe from the prying eyes of cyber criminals. While antimalware software programs and firewalls are an essential piece of this, another important element is training your employees to identify the traps laid by cyber criminals. This blog offers a starting list of what should be included in cybersecurity and employee awareness training.
Password best practices
This should be number one on the list. The easiest way to steal data is by stealing and hacking passwords. Hence the priority of educating employees on password best practices. They should know:
- How to share passwords safely (IF it has to be done).
- How to set strong passwords.
- How often passwords should be changed.
- Your organization’s rules regarding passwords, i.e. your password policy and associated penalties/actions that will be taken if they fail to adhere to it.
It’s also very common for companies to invest in a secure password tool. There are many options out there, and these tools allow employees to safely store and share passwords, and sometimes even create complex passwords for users when needed or requested.
Phishing is a social engineering event where a cybercriminal attempts to obtain personal information, like a credit card number or bank account information, through email, phone or SMS text messaging by posing as a legitimate person or institution. Typically, this is the first step involved in identity theft or financial loss.
Train your employees to identify phishing attempts. Phishing is when cyber criminals pose as someone trustworthy and attempt to steal data. Studies show that the number one reason businesses become victims of cybercrime is that their employees fail to recognize a phishing attempt. For example, an email may be disguised to look as though it came from a coworker or vendor, or even a government agency such as the IRS, and may contain a request for sensitive information. Some may have attachments that the receiver may open unknowingly and end up infecting the whole network with malware. (Malware is short for “malicious software” and is typically coded and designed by cybercriminals with the intent to corrupt a machine or system, or to gain access to a network. Malware is most commonly created and sold on the Dark Web.) Though antimalware software programs generally identify such communications and either mark them as spam or issue warnings when the receiver tries to open them or download the attachment, training your employees to recognize phishing attempts is crucial, because even a single email that slips through the cracks can result in a huge disaster.
Remember, this is not a one-time thing. Cybercriminals are always at work devising new strategies to steal your data. It’s a good idea to include these training policies and topics when onboarding new employees as they join your organization. You can also offload this task to an experienced managed services provider who specializes in cybersecurity. Here at Accelerate, we keep our clients updated on the latest security threats and recommendations. We also offer cybersecurity and employee awareness training to our clients and prospects. If you are local, we can present to your team on-site, or we can hold the training virtually. Either way, your team will leave with much more knowledge of password best practices and how to identify phishing attempts. We can even follow up with a phish test to see which individuals may need further training. Contact us today for more information!