Unfortunately, cyber-attacks have become a common occurrence for many businesses. The financial and reputational damage that these incidents cause can seriously harm a company’s future. This is set to become an even bigger issue once the General Data Protection Regulation (GDPR) comes into effect next year. While there are some easy solutions that IT departments can implement to protect personal data – not just of customers, but employees too – businesses also have a responsibility to raise staff awareness in order to guard against these attacks.
Making things harder for hackers
The IT department can take some simple steps to bolster a company’s defences against an attack. Outdated systems can often leave a company vulnerable to a security breach, so ensuring that firewalls are up to date and that staff are using the latest version of any software will help the business defend itself more effectively. Having the latest security software will also help the company to meet the GDPR’s requirements.
However, while up to date technology is the easiest way to improve a company’s security, management should not ignore the human element. Employees are often the weakest link in an organisation’s security defences, which means that it is vital that staff are able to recognise any potential threats and report them to IT immediately.
Improving email security
There are many factors that employees need to consider when it comes to cyber-security, but learning to spot false emails can be a simple and effective way to improve the company’s security in seconds. The truth is that scammers can target any individual in the company, so every employee needs to be able to recognise the tell-tale signs of a false email and take appropriate action.
While many staff are aware of the basics such as inconsistent spelling, grammar and odd salutations, there are other factors they should also consider. For example, the look and style of an email can often be an easy giveaway; hackers are often unable to get the layout of the email correct, so staff should be on the look-out for any messages that appear different from normal correspondence.
There are also technical considerations to be aware of. For example, the name in the ‘from’ box can easily be falsified to mislead staff. To avoid falling foul of this scam, businesses should encourage their employees to look at the email domain of the sender, as well the person’s name. Email attachments can also be dangerous if the file type isn’t from a standard program – this is especially important if the attachment ends with ‘.exe’, ‘.cmd’ and ‘.com’. Staff should be cautious when receiving any Zip files, as they too can hide dangerous files from virus protection systems.
Simple tips like these can help staff to protect a company’s data, but employees also need to have a solid understanding of the dangers that the business is facing. Any training in this area should therefore cover common techniques that are being used to infiltrate the company’s systems, different ways in which staff can help defend against these attacks, and a clear protocol to follow in the event that an attack occurs. As new threats are constantly presenting themselves, training staff should be an ongoing process that provides updates and further guidance.
If staff are fully trained in these key areas, the business will not have to solely rely on its IT department for protection, as every employee will be helping to monitor and defend against cyber-attacks. This level of staff support will also help to ensure that the company meets the GDPR’s compliance requirements in 2018.
It’s important to remember that a company’s defence against cyber criminals is only as strong as its weakest link. Updating systems and providing guidance for staff are important first steps for protecting sensitive data, but the business should also invest in comprehensive training for every employee. This will not only allow employees to understand their role in upholding the company’s security, but will also encourage them to take practical steps to protect the business every day.
By Robert Rutherford, CEO of QuoStar
The inaugural Data Protection World Forum (DPWF) will be held on November 20th & 21st 2018 at the ExCeL London which will provide a broader focus across the data protection and privacy space amidst the progressive tightening of global data protection laws.
Ahead of the end of year event, DPWF has launched a series of intensive workshops.
Further information on the DPWF and workshop details are available at: https://www.dataprotectionworldforum.com/