Cyber security - combat your greatest risk: Your employees

Of all the components that contribute to cyber security, your employees are your greatest risk. Right now, at least one employee is undertaking an action that will pose a cyber security risk to your business. According to the Department for Digital, Culture, Media & Sport (DCMS), the average cost of a cyber security attack for a small business is £3,230, and for medium to large businesses the cost increases to £5,220.

Imagine that: an employee unknowingly costing your business between £3,000 and £5,000! That is why we have developed a number of cyber security tips for your employees.

1. Lock devices

Believe it or not, this is still a problem. And we aren't just talking about laptops and desktops. What about your employees' mobile phones or tablets? All such devices could contain sensitive information about your business. If these devices were to fall into the wrong hands, it could be catastrophic for the company.

It could give a hacker access to crucial company information which could be used for blackmail, or give them the ability to impersonate another person, for example.

Enable device locks on all business devices, and for mobiles and tablets ensure you enforce PIN codes. This is a simple and effective way to increase security on these devices.

2. Passwords

Do you have a password that you have re-used? If you have said yes, imagine how many of your employees are going to say the same. It is understandable that choosing a strong and memorable password is hard, which is probably why “123456” has been used over 23 million times.

The National Cyber Security Centre (NCSC) has compiled a list of the most commonly used passwords. Just from the table below, you can see how frequently simple passwords are being used.

| Most used in total | Names | Premier League teams | Musicians | Fictional characters |
|---|---|---|---|---|
| 123456 (23.2m) | ashley (432,276) | liverpool (280,723) | blink182 (285,706) | superman (333,139) |
| 123456789 (7.7m) | michael (425,291) | chelsea (216,677) | 50cent (191,153) | naruto (242,749) |
| qwerty (3.8m) | daniel (368,227) | arsenal (179,095) | eminem (167,983) | tigger (237,290) |
| password (3.6m) | jessica (324,125) | manutd (59,440) | metallica (140,841) | pokemon (226,947) |
| 1111111 (3.1m) | charlie (308,939) | everton (46,619) | slipknot (140,833) | batman (203,116) |

A simple trick to help create a strong, memorable password is to think of three random words with the addition of two numbers, such as BigUniverseBlack55. Try to steer clear of predictable words such as sports teams and family names, and don't use your birth month or year. Advise employees that work-related passwords should not be the same as any personal passwords, and not to use the same password across multiple accounts. You don't want all accounts compromised by a lucky guess of a single password.
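The three-random-words advice and the NCSC table above can be turned into a generator and a reject check. This is an added example, not part of the original post: the function names, the eight-word sample list and the 7,776-word comparison figure (the size of common diceware lists) are assumptions made for illustration.

```python
import math
import secrets

# Passwords from the NCSC table on this page (usage counts omitted).
COMMON = {
    "123456", "123456789", "qwerty", "password", "1111111",
    "ashley", "michael", "daniel", "jessica", "charlie",
    "liverpool", "chelsea", "arsenal", "manutd", "everton",
    "blink182", "50cent", "eminem", "metallica", "slipknot",
    "superman", "naruto", "tigger", "pokemon", "batman",
}
# Constructed sample list, far too small for real use (assumption: a
# deployment would load a published list of several thousand words).
WORDS = ["big", "universe", "black", "copper", "window", "harbour", "pencil", "river"]
DIGITS = "0123456789"


def generate(words=WORDS, n_words=3, n_digits=2):
    """Three random words plus two digits, picked with a CSPRNG."""
    picked = "".join(secrets.choice(words).capitalize() for _ in range(n_words))
    return picked + "".join(secrets.choice(DIGITS) for _ in range(n_digits))


def entropy_bits(list_size, n_words=3, n_digits=2):
    """Guessing entropy when the attacker knows the scheme and the word list."""
    return n_words * math.log2(list_size) + n_digits * math.log2(10)


def check(password, personal_words=()):
    """Return the reasons to reject a password; an empty list means none found."""
    lowered = password.lower()
    reasons = []
    if lowered in COMMON:
        reasons.append("on the common-password list")
    elif lowered.rstrip(DIGITS) in COMMON:
        reasons.append("common password with digits appended")
    for word in personal_words:  # family names, team, birth month or year
        if word.lower() in lowered:
            reasons.append(f"contains personal detail: {word}")
    return reasons


if __name__ == "__main__":
    print(generate(), check("Liverpool99"))
    print(f"{entropy_bits(len(WORDS)):.1f} bits vs {entropy_bits(7776):.1f} bits")
```

The entropy comparison shows why the words must be chosen at random from a large list: the strength comes from the number of possible combinations, not from how unusual the words look.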

To help your employees out, consider introducing a password manager solution. It will allow your employees to be confident in not re-using passwords, and will help create more complex passwords. There are many password manager solutions available on the market; however, you will need to evaluate which one will be the most secure for your business. It is a better solution than your employees writing their passwords down on Post-it notes or in diaries.

3. MFA

After discussing passwords, the next option to increase security when accessing software, applications and data is to implement multi-factor authentication (MFA).

MFA has been used for some time in a number of sectors and is most likely something you have seen recently with your online banking solution.

Implementing MFA gives you added protection should someone use a weak password or, worse still, fall victim to a phishing attempt. MFA protects access to resources by asking for confirmation that a logon is happening, and you have to grant or deny access via a token, code or software application. Duo provide a useful overview of how MFA works: MFA overview.

4. Training

As we have already touched upon earlier in the blog, staff pose the biggest threat to your business's security. Educating them to understand the risks and how to better protect themselves will help your business reduce the chances of a breach.

It is important to build a culture of security awareness and to involve all of your teams. It is impossible to protect yourselves and your systems from every threat, but having a team with good general awareness will certainly give you greater peace of mind.

According to the Department for Digital, Culture, Media & Sport (DCMS), since 2017 phishing attacks now make up 86% of breaches.

Implementing an ongoing cyber security training plan for all staff will pay off. The training will help them identify risks before they become a serious business problem.

A variety of training providers are available who specialise in ongoing cyber awareness training. The providers also invest in and update the content to recognise emerging threats. It is important to remember that training should be continuous, and the investment could save your organisation thousands of pounds in terms of clean-up and fines.

5. Control access to your company data

It may seem simple enough, but controlling access to your data is an important step in securing your organisation. You should only give employees access to the data and systems they need to perform their role.

Gone are the days when it was acceptable to give all users access to all systems and data. In the event of a breach, this action alone will already have reduced the impact to your business.

Even within our own organisation, the senior leadership team only has access to the systems and data required for their job. This is not to make things difficult, but to make sure access is only provided to what they really need.

Thoughts – Cyber risks

As a business, it is your responsibility to build a security-focused culture. Customers expect you to manage their data with the care it deserves, and weak internal practices or poor staff awareness are no excuse for a breach.

By investing in the right tools and training staff on the latest threats, you will be as secure as you can be. You can also use it as an opportunity to gain a competitive advantage, as future clients can clearly see that you take security seriously.
