Having your IT systems compromised is a nightmare that no company wants to experience. Reputational damage, huge financial losses and potential legal problems can befall an organization that has experienced a data breach. Some companies are completely destroyed.
Your line of defense against internet security threats is your people. Unfortunately, employees are often the weakest link in security.
In fact, it is estimated that as many as 90 per cent of cyber attacks happen because of employee error. Whether they’ve been lax with their passwords or clicked on something malicious, employees are often the conduit for cyber criminals to break into your organization.
These are our top tips to prevent insider security threats bringing your company unstuck:
1. Have a security policy
Having a policy in place sets out guidelines for your staff to prevent and detect misuse.
2. Hold security awareness training
Periodically ensure all employees understand your policies and procedures.
3. Be vigilant about physical security too
Some incidents occur when unauthorized people gain access to your offices or your computer equipment. Encourage your staff to be vigilant about securing your organization’s physical location(s) and to take care of laptops, tablets, phones and other mobile devices belonging to your company.
4. Use DeskAlerts to notify about threats
DeskAlerts is an internal communications solution that allows you to communicate instantly with your entire workforce to ensure they are kept up to date. You can use it to send urgent notifications advising of a newly identified threat or to provide ongoing hints and tips around internet security.
5. Have strict password and account management policies
If passwords can easily fall into the wrong hands or be guessed, then you’re going to have a bad time.
6. Regularly patch and update your software
When vendors release patches and updates for software, it’s important to install these as soon as possible to prevent hackers from gaining access to your systems through known vulnerabilities.
7. Monitor network activity
Your IT security team should be able to look at the usage data being generated by your employees to determine if any suspicious activities are taking place. This includes logging, monitoring and auditing the actions your employees take while online.
8. Disable accounts when employees leave
Once an employee has left your company, there is no reason for them to continue to have an account, especially if they have been fired. Even if they've left on good terms, keeping their account active is a security risk. If nobody owns the account and is paying close attention to it, it could be accessed by someone else.
9. Run quizzes
If you want to be sure your efforts to improve security are paying off, you can use the quiz module on DeskAlerts to see if employees can answer a range of questions about security. If you identify significant gaps in their knowledge, you can focus education efforts on closing them.