20 proven techniques to improve cybersecurity in the workplace in the long run
In 2017 cybercrime affecting businesses rose to a staggering 63%. With 17 million people in Britain targeted by phishing, ransomware, online fraud, and hacking, and an estimated 4.6 million pounds stolen during this period, can your business afford the critical downtime these cyber threats cause?
Losing confidential and private information is one of the main issues faced by businesses. Breaches occur because there are no formal written internet security policies for employees, and because firewall best practices and email security software have not been implemented; businesses are now more exposed than ever.
Below we've provided 20 proven techniques to improve cybersecurity in your workplace, preparing it for now and for the future.
Let’s get started...
- Educate your workforce on what cybersecurity actually is.
- Trust us, information from the top is followed.
- Set reminders
- Review processes / Practices / Culture
- Tell IT ASAP
- It's everyone's job to stay safe online
- Safeguard your digital growth
- Be ready to respond to a digital attack
- Value your work
- Make a cybersecurity strategy a priority
- Make a point about passwords
- Install the right software and keep it updated
- Always backup your backups!
- How private is private if the information isn't encrypted?
- Be careful what you post about yourself and others
- Install a firewall for better security
- Look for the “s” in HTTPs when online
- Learn from past mistakes
- Employ a hacker
- Stay up to date
1. Educate your workforce on what cybersecurity actually is.
It's naive of us to think that everyone knows and understands all of the different forms of cyber-attacks, what they look like and what they mean. But why should we? Surely we have our IT departments to take care of all of that?
Your IT teams can only do so much, and what they can't do is stop employees clicking on links they shouldn't because they're unsure, visiting sites they shouldn't because they don't know what's appropriate, or worse, sharing information online without using appropriate security encryption methods first.
Steps to take to ensure this doesn't sound like your workplace:
- Make sure you have IT workplace policies in place, in-depth, and in a language everyone can understand.
- Please make sure everyone, and we mean everyone, in the organisation reads these.
- Monitor behaviours and explain that as an organisation, you have to stop doing unsafe behaviours just to get a task finished quicker!
- Look to create better workflows to combat the previous point and avoid the clunkiness.
- Provide constant internet security information in bitesize chunks, as and when appropriate. Employees will follow if they know why.
2. Trust us, information from the top is followed.
Leading by example is a common phrase and one which your cybersecurity protocols should also follow.
From the CEO to floor staff, everyone needs to be singing from the same security hymn sheet for it to be taken seriously and for it to be taken on board.
Steps for implementation:
- Put cybersecurity on the risk management agenda (create a risk management agenda if you don't already have one!)
- Filter down your communications and the key highlights from discussions.
- Look to designate a security officer to maintain and control the flow of information up and down your business's lines of hierarchy.
3. Set reminders.
Not only will all of this combined information be appreciated, it also makes people much more aware of internet security and how they play a vital role.
To help achieve this objective further:
- Make sure you schedule in regular communications
- Look to set weekly, even monthly reminders, and
- Place on team meeting agendas as a regular topic for discussion.
4. Review processes / Practices / Culture
Reviewing what you currently have in place allows you to make the right and necessary changes to be flexible in your approach to cybersecurity.
- Create documents that discuss how to create strong passwords and how to update them.
- Explain how to back up work safely and securely and what systems and software to use.
- Explain and show how to avoid malicious links in emails, what appropriate use and behaviour is required on social media, how to manage devices, which apps are OK and approved for use during work, and how to work remotely and safely, etc.
- Review your current processes and look at what you need to incorporate and how best to communicate this to your workforce within your current culture.
5. Tell IT ASAP
Mistakes happen; this is inevitable, especially as phishing attempts grow in sophistication, bypassing even the most robust firewalls put in place. If you do fall victim to a potential attack, don't cover it up. This can only lead to matters getting worse and bigger problems presenting themselves.
- Look at what your current culture and processes are for contacting IT.
- Identify whom you need to speak to and call them asap.
- Provide as much information as possible, and they will provide you with advice over the phone as to the "next steps."
Knowing whom to call and how to inform the right people is the best step in being able to help fix the problem asap.
6. It's everyone's job to stay safe online
It's not just the responsibility of the IT department to keep people safe online, nor is it solely the responsibility of senior management to put the right infrastructures in place too.
Everyone must take responsibility for their role and activity using the internet and web-based applications.
But, do your employees know how to stay safe online?
- You need to provide the relevant training, identifying the most common threats such as phishing attacks and ransomware, showing what such things look like, what forms they come in and signs to look out for if you're at all unsure.
- This needs to be backed up with formal policies and,
- Regular communications to reinforce what people should be looking for if they think their PC is under attack.
7. Safeguard your digital growth
Advances in digital technology and innovation can drive growth; however, they can also create bigger opportunities for cybercriminals.
- Change business processes to incorporate digital transformation
- Secure applications
- Manage identities and,
- Monitor your suppliers – all on a regular basis.
8. Be ready to respond to a digital attack
In today's digital era, you can't rest on your laurels; you need to be prepared at all times for when a cyber-attack might strike.
- Make sure you have the right tools and software in place (software such as SonicWall Firewall, SonicWall email security, and SonicWall online) to protect your business systems.
- Look at cyber insurance.
- Create a cyber plan, allowing you to cope with costs and deal with any negative impact.
9. Value your work
You need to protect any, and all, information about you, your business, and your work – it has value, just like money, and cybercriminals thrive on this type of information.
Steps to take to protect your most valuable possession include:
- Being thoughtful as to where you store, send, and display this information.
- Think before you connect, look at wi-fi routers as well as public networks that aren't secure.
- Make sure to use strong passwords, and don't connect to unknown or generic wi-fi networks.
- If you do access public wi-fi use a VPN and,
- Make sure to turn wi-fi and Bluetooth off when your device is not in use.
10. Make a cybersecurity strategy a priority
No one is immune to a cyber-attack of some sort. To strengthen your resilience to such attacks:
- You need to build cybersecurity into your culture.
- Set up regular security strategy meetings.
- Form a strategy document that classifies and outlines the data that you handle and the level of security you need to protect it.
- Make sure you have the most effective email security software and firewall best practices in place, all appropriate to the sensitivity levels of your data.
11. Make a point about passwords
We've all heard it a hundred times, but we need to reiterate it once more (probably more but at this point just once). Employees need to know and understand the importance of their password choice.
Steps to achieve this:
Put password guidance in place which covers:
- how to use a password manager to create strong and unique passwords
- why passwords should be changed frequently
- why you should never reuse a password
- how employees should never use the same password on multiple devices
- and please, please make sure to emphasise that passwords should never be written down, "somewhere safe."
12. Install the right software and keep it updated
Antivirus software is there for a reason: it protects businesses against ransomware, trojan horse programs, botnets and more. Companies need to use antivirus programmes and add-ons to protect themselves continuously from unscrupulous attacks.
- Install the right software to your platform, updating this regularly (a great way is to set reminders as a recurring task) and follow your antivirus instructions.
13. Always backup your backups!
Cybercriminals steal your data and keep it hostage until you pay up. It sounds dramatic, but it's true. Data can also be compromised by natural accidents such as floods and fire. To help make sure your data is backed up safely and securely:
- Institute a disaster recovery plan identifying the exact steps you would need to follow if your company's data was found to be at risk.
- Just because you have the cloud doesn't mean you're all backed up; you need to have a contract in place that provides appropriate backup services.
14. How private is private if the information isn't encrypted?
Encryption is the best way to protect privacy and confidentiality, yet not everyone knows how to use it, set it up, and communicate it throughout the organisation.
- Make sure that as an organisation you're using end-to-end encryption. This is the highest level of encryption for all confidential documents and information.
- Information and attachments should be encrypted before they leave your device and remain encrypted until they reach the intended recipient.
- Work with your IT department to make sure this level of encryption is standard across all company devices.
15. Be careful what you post about yourself and others
Posting status updates and tweets online can seem harmless at the time, but it is also one of the biggest areas which land people in a whole host of trouble. It can open you and your business up to being hacked, to identity theft, etc., all because people monitor your activity and what you say online, and then use this information against you in some form or another.
Steps to avoid such adverse events from happening:
- Don't leave yourself open; don't announce times and dates when your business will be left unattended, for example!
- Don't break NDAs.
- Don't post personal information about others.
16. Install SonicWall firewall security
You want and need to prevent unauthorised access from a private network, at all times.
Firewalls are the perfect solution to increase your network's security.
However, for them to be effective:
- You first need to turn them on or install them as additional security features onto your network's platform.
- You can then create a set of rules that tell the software what it should allow through its filters and what it should stop, which websites can be accessed and which it should block, and even set restrictions on incoming and outgoing emails if you would like.
Good firewalls monitor all incoming and outgoing data, consistently and to a high standard.
17. Look for the "s" in HTTPs when online
This is not a point that everyone knows about; however, it's an important one to inform workforces, as almost everyone within an office environment will use the web at work. We're also naive to think that this usage is 100% work-related 100% of the time.
Before jumping online and heading onto any old website, you need to:
- Look for the padlock icon in the website's address bar. If it doesn't have one, the site is unsecured, and your details could be compromised.
- Look for the "s" in the HTTPs. If it looks like it's missing, the site is again unprotected, and you shouldn't enter any information or details.
18. Learn from past mistakes
Learning from mistakes is the only way we as individuals as well as organisations can move on. Learning from highlighted practices reported in the news as well as competitor information is also essential.
To take heed of past learnings you need:
- To conduct a review of the situation that has occurred.
- Discuss the event and record and report this as part of your incident response plan.
- Make any necessary adjustments, communicating this with the rest of the business appropriately, and making sure you work hand in hand on these adjustments with IT!
19. Employ a hacker
Ok, so a little extreme but you've got to admit, interesting.
Not all hackers are bad and out to steal your data to sell online; some actually want to help the world.
To make sure you find the right hacker, you need to:
- Look for what is known as a White Hat Hacker. White hat hackers come on board to combat Black Hat Hackers and ultimately place your company in a position of fighting fire with fire.
20. Stay up to date
Industries are becoming much more aware of cybersecurity, what it means to businesses, as well as what it costs if things go wrong. There are also numerous regulations and standards that companies must meet when it comes to protecting private and confidential information, and processes must be in place to avoid any unnecessary fines.
In this sense it's important:
- To stay up to date with:
  - best practices
  - suppliers, and
- Updating your software regularly and being flexible enough to adapt to new tools and technologies as and when they come to market.
- Install the right and the best firewall and email security your business needs, and stay protected at all times.
Cybercrime is unfortunately very real. How we protect ourselves and how we protect our businesses is of the utmost importance.
These tips will improve cybersecurity in the workplace in the long run, and we'd encourage you to take at least two tips away immediately to implement into your work practices. Of course, we'd love you to implement them all, but let's be realistic and tick two off today!
If you found this list useful and interesting, please feel free to share online.