You may not be aware that your staff could be putting your data at risk. A scary thought when you think of how many people there are in your company, all performing activities on a daily basis that could well be almost constantly putting you at risk of cybercrime.
When you think about it, it does make sense. Afterall, who uses your system’s constantly? Who updates your files, adds to your files, uploads them and shares them? Who relies on your computer system and company information to do their job? Your receptionist? Your leading salesman? Your outsourced project manager in Europe?
When you think about it this way, you may well suddenly feel wide open. And quite rightly so. Cybercrime is at an all time high according to headlines in the media this year. There has been a 55% rise in fraud connected to cybercrime, and it is costing the economy over a billion pounds a year.
Hackers are always thinking about how they can steal data from you, or make money by holding your data to ransom. Processes your staff could be going through right now in their hundreds or thousands, could well be making your company more open to cybercrime.
With things like cloud services, file transfers, USB drives, smartphones, tablets all being used to share sensitive information, it makes sense that the hackers jobs are being made easier.
Clearly your staff aren’t trying to expose your business to cybercrime, but, they are a weak link without knowing it, and you have the power to not only stop them being a weak link in your company, but actively make your staff part of what makes your company strong.
There are many ways a member of staff might compromise your data. Including things like:-
- Being off on a day online security training occurred and them coming back in none the wiser because the trainer hasn’t had time to speak to them.
- Leaving their computer unlocked and unattended at reception.
- Leaving their laptop in a cafe unattended under the care of another person doing work next to them (but still a stranger) to go to the toilet, but their laptop contains access to company information.
- Losing their smartphone which contains passwords and other security information for work, and the phone falls into the wrong hands.
- Sharing information in a non-secure way, like through a file-sharing app.
These are just some of the ways staff can compromise your business. However, there’s plenty of room for you to train them to help them protect the business against cybercrime.
Getting them trained on ways to identify potential issues, and to resolve potential issues is really important to helping them feel engaged and onboard with your organization’s fight against cyber-attacks.
Here are a few things to consider to help you help your staff keep your data safe:
It can be so easy when you are management, to think about training in terms of those in a lower pay grade, or those in certain jobs within the company. You might not want to train senior managers for fear of being seen as patronising, you might not want to include workers who work only one day a week because of resources, you might not think that outsourced staff need training. If you want to ensure every avenue is covered, then you need to leave this approach behind and instead consider every single person who has access to your company data as somebody who needs to be trained and engaged with your anti-cybercrime programme.
More often than not, employees can be trained on subjects and not have any real understanding of why they are being trained. Staff don’t understand why they should care. You might see this as a bad attitude but, imagine if somebody told you to do lots of different things for no reason, you would want to know why. Helping your staff understand how a cyber-attack would affect the business, and how it ultimately affects them is an excellent way to get them to see why they need to be vigilant at all times when it comes to cyber-security. Give them examples of different scenarios and how they might directly affect their job.
Don’t be so unwise as to think that because your business is small, you are less at risk. Cyber criminals will attack anybody they can steal money from. According to statistics from this year:-
- 43% of cyber attacks are targeted at small businesses.
- 60% of small businesses will fall through less than a year after suffering a cyber attack.
- Nearly 50% of cyber attacks on small businesses were on purpose (not human error).
Don’t let those figures scare you, let them inspire you to ensure your small business is effectively protected against cyber crime. Even if you only have a few members of staff, they all need to be educated on how best to protect your business against cyber attacks.
Invest in cyber experts who will ensure you have all the best and latest technology in your company to protect you against cybercrime. If you invest in processes like a business penetration testing service, you will find out quickly where your weak spots are, and if they do relate to staff, how they relate to staff and what you can do to turn those weaknesses into strengths.
One of the easiest ways for any new set of processes to fail in an organization, is for the communication of the new processes to fail first. You might have invested in all the right experts and advise to get your company in ship-shape and have an actual anti-cybercrime system in place to roll out, but the system cannot work, because you haven’t communicated it properly. Perhaps the trainer doesn’t understand how important it is to stop staff using the computers until they are trained, perhaps you haven’t organised training properly. Perhaps staff don’t know why this is even important. Alongside any new strategy for change, you must have a communication strategy in place as well. Let trainers know how to train, when to do it and how important it is. Have a digital signature system that only allows staff online once they are trained. Have a designated person who will take any enquiries about cybercrime from staff. That way everybody knows who to report it to. Without adequate communication, any new attempts at beating cybercrime in your company will fail.
Educate staff on how to create strong passwords. It sounds simple but, most people don’t know about things like cyber criminal systems where they run dictionary combinations with numbers to try and hack passwords. Consider rolling out a business / team orientated password manager.
Ransomware is the most common type of malicious cyber attack, according to statistics from this year. Ransomware commonly comes through phishing emails, but they can come through links on website adverts, or on apps. Staff should be aware that they shouldn’t be clicking on anything suspicious looking. Perhaps show them examples of sophisticated phishing emails and attachments so they know what to look for.
With the right approach, and the right advice, you can not only have the most advanced and secure system against cybercrime, but you can also have an entire team of enthusiastic staff on your side helping keep your company protected, so you don’t have to become one of the many horrifying statistics on cybercrime this year.