Security-savvy employees can reduce cyber threats and costs
Security Awareness: Awaken the #CyberAware Warrior Within
Employees are often touted as one of the biggest threats to an organisation’s IT security. However, Charl Ueckermann, CEO at AVeS Cyber Security, says they can actually act as a powerful defence against cyber security threats.
“Educating employees on cyber threats and how to use IT resources and the internet securely can help lower security risks, as well as the costs associated with managing those risks. Use International Cyber Security Awareness Month (October, #CyberAware) to make your employees active warriors against cyber threats, which can impact them personally as well as the business.”
Ueckermann says employees can unknowingly expose company networks and data to cyber threats in a number of ways. For instance, by downloading files from unsafe sources, using infected peripheral devices such as USBs and tablets, using unauthorised applications from the internet, accessing unsafe websites, responding to phishing emails, clicking on unsafe links in emails and even by giving out their personal details or company information on social media. These actions pose a danger not only to the company network but to the end-users themselves. Aside from the risk of malware, they could open themselves up to the risk of fraud or identity theft.
But, when employees are aware of the risks associated with these actions, and they understand the dos and don’ts, they become contributors to the IT security strategy rather than a threat.
Data Governance: People, Process, Technology
“Protecting an organisation’s networks and data takes both technological and behavioural intervention. In fact, effective IT security is the result of managed interplay between people, processes and technology. Each component has the potential to impact the others. Yet the human element is often neglected by IT security strategies.
“Every person who has access to company systems and data plays an important role in lowering IT security-related risks. They also have the potential to impact the effectiveness of technologies and processes in place. With everyone aware and supporting the security strategy, it is possible to reduce IT security costs by a third while increasing the effectiveness of IT security technologies and processes. It’s a win-win,” says Ueckermann, adding that companies could consider making security education and awareness part of employees’ KPIs.
Empowerment in the Digital Age
He adds that when employees are more informed about potential cyber threats and are more conscious when using IT and internet resources, it also empowers them to protect themselves while browsing, engaging and transacting online.
“It is the digital age, with people shopping, socialising, banking and doing business online. It really ups the enjoyment factor if you know you are doing these things safely and not putting yourself at risk. AVeS is a people business, and by the way, we do IT. Rather than clipping employees’ wings, we guide companies to empower their employees to use technology safely and effectively for optimum productivity and end-user experiences.”
Security Awareness Tips: At Work and Home
He concludes with these tips for enjoying technology without fear:
- Avoid connecting to open WiFi networks. Wait until you can connect to a secure WiFi network, especially if you are going to be doing anything sensitive such as banking or accessing your company network.
- Choose strong passwords for your online accounts, including social media accounts and especially your online banking. Use a complex password that mixes numbers, letters and characters.
- Don’t use your company email address when signing up for a social media account. If the social media account is hacked, you could inadvertently expose other business information linked to your business email.
- Make purchases using trusted online sites. Only submit credit card details on sites that supply encrypted and secure connections. Look in the address bar for https: rather than http. The “s” stands for secure. Secure sites may also have a padlock icon in the address bar.
- Be careful what you download from the internet because you could inadvertently download malware onto your phone or computer. If a site or app looks suspicious, do not download it. You can also try googling the name of the app to see if any warnings come up.
- Be careful about what you post online. Do not give away any information that could help a cyber criminal identify who you are, where you work, where you live or any other personal details.
- Do not share your contact details, banking information or any other personal information with anyone you do not know.
- Don’t click on links in emails or open attachments in unsolicited emails from people you do not know.
- Keep your antivirus software on your computer and mobile devices up-to-date.
- Take heed of your company’s security policies around the use of email and IT resources. These are in place to protect you as well as the company. You have a role to play in lowering IT security risks.