Start with yourself. This creed can be applied in many situations, including the prevention of data breaches, ransomware infections, and other forms of cyber-criminality. I believe in user adoption and the opportunities that it offers. That is why, in this blog, I will give you a number of tips on how you can involve your users in the topic of cyber-criminality. After all, in many instances a data breach is caused by human error. For instance, on average it takes a business more than 9 months to solve an infection after it has been detected* and the number of reported data breaches attributable to cyber-criminality has increased by 25%*.
Awareness starts at the board of directors
At many businesses, awareness of cyber-security is, unfortunately, minimal. For instance, only 20% of the boards of directors have confidence in their implemented cyber-security measures. And at more than 1 out of 3 (36%) of these organisations, cyber-security is not structurally discussed during board meetings. Setting a good example obviously starts at the board of directors. Help your employees take the step towards cyber-awareness and adjust their behaviour accordingly.
Avoid the use of public WiFi networks
Easy, right? Quick access to a public WiFi network with your telephone or laptop. In most instances, we do not consider the potential threats. Most of the providers of public WiFi networks also offer this service with the best of intentions. Think about a restaurant, café, or hotel. Yet you need to properly consider whether you should use this kind of public WiFi network. It is very easy for malicious parties to abuse this kind of network – with all associated consequences. This is evident in the following video. One of the tips is that it is best to avoid public WiFi networks.
In the video of Alert-Online, Isabel Provoost seeks an answer to the question: are public WiFi networks secure?
Watch the video (00:03:38)
Involve your users in security and give tips
You can see the strength of the new technology that has recently been implemented; think about, for instance, Office 365. Home-working, cooperation, and sharing information with colleagues; many tasks are much easier with this technology. But you still see users who print email messages, users who save documents on a USB stick to continue working on them at home, and users who still email entire documents. You still see an abundance of email messages pass by, related to projects and customers. The question that then arises is: why do they not rely on the strength of the functionality of Office 365? Why are they not working together on projects in Teams? Then they would not need to email so much. Why are they not relying on the strength of OneDrive and SharePoint? In that case, you can simply send a link to the document. An additional advantage is that you always have the latest version of a document. You no longer have to search for documents. Why do they overlook these opportunities? It is often ignorance and, as we know: unknown, unloved.
How do I increase the satisfaction amongst my users?
The most important pitfall when ICT projects fail is the lack of support. We easily assume that users will understand the technology and can simply deal with every change. We pay little to no attention to user adoption. But new technology alone will not automatically result in a new working method. In general, people experience difficulty with change. However, a working method as explained above, with Office 365 as an example, also offers a number of improvements in the area of cyber-security: USB sticks with sensitive data are no longer left lying around, and documents are no longer left lying around or at a printer. That is why it is important to think about user adoption.
Cyber-security is a responsibility of all of us. Together for a digitally secure Netherlands. For instance, you can order free posters on our website with which you make your users aware of various situations.
We developed a digital version for the colleagues working from home. This is a nice and easily accessible way to involve users in a topic.
A few more tips to reduce potential risks:
Every situation is different and requires a different approach. There is therefore no golden rule that provides complete protection. Ultimately, it is about recognising and reducing the risks that are focused on your specific sector or organisation. Nevertheless, there is a list of basic measures and tips that will reduce the hacker’s chances of success.
- Make sure that passwords are unique per application and website.
- Make sure that passwords consist of a series of letters, numbers, and symbols, so that they are not easy to guess.
- Change your passwords regularly.
- Do not put your computer / laptop in sleep mode but turn it off completely when you no longer use it.
- Make sure that other people cannot see what is on your screen.
- Technically enforce Multi-Factor Authentication (MFA).
- Do not log in to just any WiFi network.
- Do not click on a link in a chat or email message if you do not trust it.
- Always install software updates as soon as you receive a notification.
* source: Tesorion Whitepaper