Keeping employees engaged when it comes to cyber security
- Published: Friday, 19 May 2017 09:05
When it comes to maintaining an organization’s security, responsibility must be taken by every employee, not just security professionals, as organizations are only as strong as their weakest link. Matt Kaplan offers some thoughts on how businesses can help their staff to better protect their assets.
While IT departments work hard to keep systems up-to-date and threats deterred, the working practices of end-users can often thwart the most sterling efforts to enforce security, which in turn can have an unwelcome impact on business continuity. But how easy is it to keep employees engaged in security issues?
Unfortunately, the frequency of large-scale cyber security incidents for enterprises may be contributing to security fatigue, which leaves people feeling helpless and disengaged. Things are exacerbated further by the gap between employees’ personal password habits and their habits at work. A LastPass study into the psychology of passwords revealed that more than a third (39 percent) of people create more secure passwords for personal accounts than for work accounts. Additionally, we found that 75 percent of respondents considered themselves informed on password best practices, yet 61 percent admitted to using the same or a similar password across accounts.
The logical conclusion of this reality for enterprises is to ensure that employees are armed with the knowledge to do their part in keeping the company safe from cyberattacks. Companies should focus on developing a comprehensive cyber security strategy to equip their IT teams with the right resources to engage every employee in the on-going process of safeguarding against threats.
Enforce two-factor authentication (2FA) across accounts
Two-factor authentication is one of the simplest and most effective ways to protect email and other important accounts beyond a strong password. In addition to entering a password, 2FA users must present a second piece of information to gain access to their accounts, such as a one-time code sent by text message or generated by an app on their mobile device, or even a fingerprint. Whichever form of two-factor authentication is set up, it ensures that hackers cannot break into an account with the password alone. Adopting 2FA also protects user credentials from password-guessing software, eliminates the collateral damage from successful phishing attempts, and adds an extra layer of protection for employee and customer data. Organizations are increasingly seeing the benefit of 2FA and implementing it centrally as part of wider security policies.
Make email security a priority
Even the largest and most profitable companies can struggle with security. As such, employees are a business’ first line of defence and they should take precautionary steps to bolster their email security whenever possible. Unfortunately, this is still a pain point for many businesses. Education on phishing attack awareness is also essential. Phishing remains a popular tactic for stealing sensitive information like passwords, security codes, and credit card numbers, as well as for sneaking malware onto personal devices and company systems. Many phishing emails are simple and easy to spot, but some are much more sophisticated, so it takes a healthy dose of scepticism to identify suspicious emails, links, and notifications. Protecting against phishing takes both smarter detection by the software we use, and better individual preparation.
Ensure on-going training around security policies
Businesses should draw up a policy that encompasses all things security, from password requirements to management change procedures. This policy should also include guidelines around ‘bring your own device’ (BYOD). BYOD is quickly becoming the model of choice for small and medium-sized businesses, but while it is convenient and effective, there is risk involved. Enforcing guidelines such as staying off public Wi-Fi when accessing email can help keep company data safe on employee devices. If employees are expected to be at the front line of company security, it is important that they have a clear understanding of how to put this into practice. Regular catch-ups with all staff are important for keeping security at the forefront of people’s minds.
Update passwords every 3 months
Adopting the practice of regularly changing passwords limits the amount of time cybercriminals have access to a compromised account. However, having to change passwords across all your accounts regularly can be both time-consuming and confusing: not only should each password be a strong combination of numbers and characters, it also has to be unique across all of your accounts. The fastest and easiest way to refresh all your passwords securely is to use a password manager that includes an auto-password-change feature, allowing you to change account passwords in a single click.
Most importantly, the success of these policies in maintaining business uptime hinges on the training and readiness of the user population to round out a truly secure environment.
Matt Kaplan is General Manager, LastPass.