Security Guide - Inadequate staff education

What is the cost of inadequate staff education?

Cyber criminals often target the weakest point of a network, and in many instances, this may be the end user – the employee. However strong their security or robust their network configuration, retailers and hospitality organisations risk scoring an own goal if they don’t give their staff adequate training.

Hackers’ tactics

Business email compromise attacks involve sending scam messages to company employees in an attempt to extract sensitive information. This could include a fake email from a director to an HR colleague requesting employee login credentials.

A lost or stolen mobile device, such as a laptop or smartphone, can present a hacker with a treasure trove of opportunities. Hackers can target specific individuals they know will have access to sensitive data, or the attack can be purely opportunistic.

Giving your staff cyber security education

1. Phishing attacks: It is possible to train your staff to recognise a phishing email or a spam attack so that they can alert your IT department to prevent other colleagues from being tricked. You can also buy phishing simulator training that tries to trick employees into handing over sensitive information. The colleagues who fall for the fake emails can then be offered extra cyber security training.

2. Create an acceptable-use policy: Staff should be given clear guidance on what websites they’re allowed to visit, what kinds of files they’re allowed to download, and what kinds of Wi-Fi networks are safe.

3. Cultivate an open-door reporting culture: Your employees should be encouraged to report anything suspicious to IT, even if it resulted from clicking on a website or downloading a file they shouldn’t have. It is in everyone’s interest to encourage a culture in which employees can talk about potential threats without the risk of punishment.

4. Manage mobile devices effectively: Make sure your employees know when to update their mobile devices to ensure they have the latest security updates and patches. Ensure they also know the importance of the physical security of their devices. This includes ensuring devices are not left unattended and that, when unattended, they are properly stored to reduce the risk of theft.

5. Provide Wi-Fi training: You should underline the importance of only using password-protected Wi-Fi networks in public. When employees are on smartphones and tablets, they should always use the device’s mobile data plan rather than an unknown and unsecured Wi-Fi network.

 

What Vodat can do for you

In support of your employee cyber security education, we can set up alerts reminding your staff of your acceptable internet use policy and also remind them not to use insecure Wi-Fi networks before they attempt to log on to public networks.