Security for the modern workplace: How people affect cybersecurity

Security for the Modern Workplace

In 2018, cyberattacks were recognised as a top-three global risk in terms of likelihood for the first time, followed closely by data fraud and theft. [1] Cybersecurity has become a global concern for businesses of all sizes.
This is hardly surprising when we think about 2017’s mass cyberattacks, their victims, and the devastating effects.

The WannaCry attack on the NHS led to thousands of appointments being cancelled, the Equifax breach exposed the personal data of roughly 143 million people, and the Petya/NotPetya attack that rampaged through Europe caused a worldwide outage for shipping giant Maersk and knocked out the automated radiation monitoring system at Chernobyl.

Cybersecurity has many facets, and in a web-enabled, multi-device world there are many avenues of weakness that can be exposed. The good news is that there are products, devices and operational procedures that can be put in place to prevent breaches, or at least to limit their impact.

At Boardroom briefings we believe in breaking down the complex into actionable, simple, effective steps.

To simplify things, Cybersecurity can be broken down into the following key areas:
1. People
2. Processes
3. Network Security
4. Mobile Security

We will be covering each point in depth in the coming weeks, but let’s start at the beginning and look at how people can affect cybersecurity.

As company data is the responsibility of every employee, from board directors to receptionists, we’ve compiled a short checklist of basic cybersecurity measures so that your staff can identify risks, deal with them, and are themselves less likely to become a risk to the company.

Complex Passwords

Poor passwords let accounts be compromised very easily. Password attacks are rarely sophisticated: short or common passwords are simply guessed, or cracked from a stolen password hash, in seconds. Worse, if passwords are reused, a single password leaked from one site gives an attacker access to every other account that uses it (so-called credential stuffing).

To keep accounts from being hacked, you and your employees should use long passwords of more than 12 characters, mixing upper and lower case, digits and special characters; length matters most, since every extra character multiplies the work an attacker must do. It goes without saying that every staff member should choose their own password and not tell it to anybody (including IT staff).

Password managers generate strong, unique passwords for you and store them securely, so nobody needs to remember them (having to remember passwords is the main reason people reuse them across sites). LastPass is one widely used example.
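The following is an added example (not code from the original article or from any product it mentions) showing what the policy above means in practice: a generator of the kind a password manager uses, a check that enforces length, character classes and a list of known-bad passwords, and a rough estimate of how long an attacker would need to exhaust the search space. The common-password list and the guessing rate of 1e11 per second are constructed assumptions for illustration.

```python
import math
import secrets
import string

# Character classes the policy in the text asks for.
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?/"
CLASSES = (LOWER, UPPER, DIGITS, SYMBOLS)

# Constructed stand-in for a breached/common-password list. A real deployment
# would check against a large corpus (for example a Have I Been Pwned download).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "Password1!", "Welcome123!!"}


def generate_password(length: int = 16) -> str:
    """Random password containing at least one character from every class,
    built with the `secrets` module (CSPRNG), as a password manager would."""
    if length < 12:
        raise ValueError("policy requires at least 12 characters")
    alphabet = "".join(CLASSES)
    chars = [secrets.choice(cls) for cls in CLASSES]  # one guaranteed char per class
    chars += [secrets.choice(alphabet) for _ in range(length - len(CLASSES))]
    secrets.SystemRandom().shuffle(chars)  # so the guaranteed chars are not always first
    return "".join(chars)


def check_password(password: str, min_length: int = 12) -> list:
    """Return the policy rules the password fails; an empty list means it passes.
    Note that a password can satisfy every complexity rule and still be on a
    breached list, which is why the list check is not optional."""
    failures = []
    if len(password) < min_length:
        failures.append(f"shorter than {min_length} characters")
    for name, cls in zip(("lowercase", "uppercase", "digit", "symbol"), CLASSES):
        if not any(c in cls for c in password):
            failures.append(f"no {name} character")
    if password in COMMON_PASSWORDS:
        failures.append("appears in a known-breached/common password list")
    return failures


def keyspace_bits(password: str) -> float:
    """Bits an attacker must search if the password were truly random over the
    classes it uses. This is an upper bound: a dictionary word with a digit
    tacked on is far weaker than its length and classes suggest."""
    alphabet = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(alphabet)


def years_to_exhaust(bits: float, guesses_per_second: float = 1e11) -> float:
    """Worst-case time to try the whole keyspace. 1e11 guesses/s is an assumed
    rate for a fast unsalted hash on a GPU rig; a slow hash such as bcrypt or
    PBKDF2 reduces it by several orders of magnitude."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    for pw in ("password", "abcdefgh", "Welcome123!!", generate_password(16)):
        bits = keyspace_bits(pw)
        print(f"{pw!r:22} {bits:6.1f} bits  {years_to_exhaust(bits):.2e} years  "
              f"{check_password(pw) or 'OK'}")
```

Running the script shows the point the text makes: eight lowercase letters are exhausted in about two seconds at the assumed rate, a 16-character mixed password takes longer than the age of the universe, and "Welcome123!!" passes every complexity rule yet is rejected because it is a known-bad password.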

Multifactor Authentication (MFA)

Enabling MFA adds an additional layer of security: for example a text message to another device, or a code entered from an authentication app. This means that if a password is stolen, nobody can access the account without the second factor. An authenticator app or hardware token is preferable to SMS, since text messages can be intercepted or redirected by a SIM-swap attack. [2]
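As an added example (not code from the original article or from the speaker's company), here is the "code from an authentication app" mechanism, TOTP as specified in RFC 6238, alongside a login that requires both factors. The user record, salt and password are constructed; the TOTP seed is the RFC 6238 test-vector seed, so the generated codes can be checked against the published vectors. The example also keeps the last accepted time step so that a code captured from the user cannot be replayed.

```python
import hashlib
import hmac
import struct
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    then the 'dynamic truncation' to a 31-bit integer, mod 10^digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter taken from the current 30-second step.
    This is exactly what the authenticator app on the phone computes."""
    return hotp(secret, unix_time // step, digits)


# Constructed user store (not real credentials). The password is kept only as a
# salted PBKDF2 hash; the TOTP seed is what the app was enrolled with.
PBKDF2_ROUNDS = 200_000
USERS = {
    "alice": {
        "salt": b"constructed-salt",
        "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse battery staple",
                                       b"constructed-salt", PBKDF2_ROUNDS),
        "totp_secret": b"12345678901234567890",  # RFC 6238 test-vector seed
        "last_counter": -1,  # highest time step already accepted (replay guard)
    }
}


def verify_password(user: dict, password: str) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, user["pw_hash"])


def verify_totp(user: dict, code: str, unix_time: int, window: int = 1, step: int = 30) -> bool:
    """Accept the code for the current step or +/- `window` steps (clock drift),
    but never for a step at or below the last one used, so a code that was
    phished or shoulder-surfed cannot be submitted a second time."""
    counter = unix_time // step
    for delta in range(-window, window + 1):
        candidate = counter + delta
        if candidate <= user["last_counter"]:
            continue
        if hmac.compare_digest(hotp(user["totp_secret"], candidate), code):
            user["last_counter"] = candidate
            return True
    return False


def login(username: str, password: str, code: Optional[str], unix_time: int) -> bool:
    """Both factors must pass. A correct password with a missing or wrong code is
    rejected, which is the property the text describes: a stolen password alone
    is not enough."""
    user = USERS.get(username)
    if user is None or not verify_password(user, password):
        return False
    if code is None or not verify_totp(user, code, unix_time):
        return False
    return True


if __name__ == "__main__":
    now = 1234567890
    print("app shows:", totp(USERS["alice"]["totp_secret"], now))
    print("password only:", login("alice", "correct horse battery staple", None, now))
    print("password + code:", login("alice", "correct horse battery staple",
                                    totp(USERS["alice"]["totp_secret"], now), now))
```

Two design choices matter here: the comparison uses hmac.compare_digest so that a wrong code takes the same time as a right one, and the acceptance window is deliberately small (one step either side) because every extra step accepted gives a guessed six-digit code another one-in-a-million chance.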

Permissions and access

Your staff are your greatest asset, but unfortunately they are also a major risk, so each person should only be able to access what they need to do their job. You don’t want everyone to have access to confidential finance and HR material, for example, or to hold administrator rights that let them reset every user’s password. Auditing is crucial as well: if a staff member does go rogue, or their account is taken over, you know exactly who did what and the extent of the damage. [3]

Education and awareness

Education and awareness is often overlooked, but with the four most common types of cyberattack all being linked to human factors, [4] it really shouldn’t be. Ensuring that everyone has a thorough understanding of the different types of cyberattack, how to spot them, and how to respond if they identify or fall victim to one is crucial. Staff with this knowledge are less likely to click on malicious links or to let an attack in, protecting your business.

Sources
[1] – World Economic Forum, The Global Risks Report 2018, 13th edition, 2018, p. iii
[2] & [3] – Contribution from our speaker, Mark Lawton. For more information on multi-factor authentication, see his company website, Risc IT Solutions.
[4] – The four most common types of attack are: fraudulent emails (72%); viruses, spyware and malware (33%); people impersonating the organisation in emails or online (27%); and ransomware (17%). (Department for Culture, Media & Sport, Cyber Security Breaches Survey 2017, April 2017, p. 40)