Cyber security is a big challenge facing enterprises in recent times. However, a bigger cause of security breaches is not any complex offensive launched by attackers, but attackers simply exploiting the loopholes left open by carelessness and by employees failing to adhere to basic precautions.
Browse with Caution
Most cyber attacks exploit vulnerabilities inherent in the system to inject malware. For this to take place, the user has to click on a poisoned link or download a malicious attachment, which triggers the payload. Cyber attackers induce unsuspecting users to click or download through phishing attacks, in which they send emails either impersonating someone familiar, such as the bank, or offering something tempting, such as sexual content or some get-rich-quick scheme. The attackers may also hijack a genuine email account and send links or attachments from it, to catch victims off guard. When unsuspecting users open such attachments or click on the links, the malware downloads itself.
The organization needs to educate its employees about safe browsing habits and teach them to recognize such phishing attempts. As a rule of thumb, the company needs to emphasize the need to avoid clicking on any links or downloading any attachments unless they are solicited or expected, regardless of the sender. The company also needs to stress the need to apply patches and updates for the operating system, antivirus suites and other software as soon as they become available.
Secure Credentials
Many enterprises take it for granted that employees have strong passwords in place. The Trustwave 2012 Global Security Report, analyzing over two million real-world passwords used within corporate information systems, reveals that 80% of all security incidents were due to weak administrative passwords. Many companies assign poor default passwords, such as “welcome”, and employees do not bother to change them. The survey also finds that 15% of people who change their password write it down and leave it carelessly around the workstation, with nothing preventing an enterprising cyber criminal from employing tactics such as dumpster-diving to get hold of such passwords.
Although seemingly obvious, driving home the need for strong passwords and other login credentials, and for committing them to memory, is critical to improving security immediately.
Be Wary of Mobiles
Today’s workforce is increasingly mobile, and it is common for employees to log in to the corporate network from their mobile phones, using public Wi-Fi or other unsecured connections. This poses a great risk to security. A survey by antivirus vendor AVG reveals that although 73 percent of users are aware of the increased security risk of public Wi-Fi, 66% of them connect using public networks nonetheless.
The onus is on the organization to educate its employees about the potential dangers of mobile computing and about how to take precautions to mitigate such risks. A white list of safe apps, and restrictions on accessing the corporate network from unsecured Wi-Fi hotspots, need to take priority.