What you should teach your staff about cybersecurity

3 January 2019 by Mark Williams

When it comes to cybersecurity, your employees are your weakest link. Forty-two percent of small business owners say employee negligence is the leading cause of cybersecurity breaches. This is a damning statistic, and if it reflects your business even slightly it’s obvious who is to blame – you.

That’s right, even if your employees’ actions cause a cybersecurity breach, the buck stops with you. If you have not provided cybersecurity training and awareness for your staff, don’t be surprised when they cause a breach.

In 2016, only one in five UK businesses provided cybersecurity training for their staff. This is not good enough, especially when 52 percent of business leaders themselves don’t know what to do in the event of a cybersecurity incident.

If you’re not a cybersecurity expert, it’s best practice to get a reliable IT partner to deliver the training. However, if for whatever reason you can’t do that, there are some key areas you’ll need to cover.

Here are three things you should teach your staff about cybersecurity.


1. The basics of email security

Seventy-eight percent of employees admit to being aware of the risks of suspicious links but click on them anyway. This is an unacceptable risk for your business. Here are some tips for identifying a potentially malicious email:

  • The sender will convey a sense of urgency, encouraging the reader to act or click on a link
  • The email is often badly written, e.g. ‘Could you please to click link’
  • It may also have an unidentifiable email domain, or pixelated images and logos

As well as being on the lookout for these indicators, there is another quick trick for testing whether an email link is genuine: hover the mouse over the suspicious link. A box will pop up at the bottom left of the window showing the destination URL. If the destination is identifiable and matches the company and message of the email, you’re fine. If it is unidentifiable or does not match, DO NOT CLICK.

2. How to create a strong password

Too often people have a single password for every single online platform. This is usually a word or number that is very easy for hackers to figure out e.g. your birthday, anniversary or mother’s maiden name.

When creating a password, it should be long, include numbers and symbols and be random. However, these are hard to remember. Luckily we have two tips for making a strong, memorable password:

  • Use a random string of words. It has been shown that ‘correct horse battery staple’ would take a computer 550 years to crack at a rate of 1000 guesses per second.
  • Use a memorable phrase to base it on. This doesn’t have to be a famous one, in fact, the weirder the better. For example, ‘I wouldn’t waste money on thirty-seven old donuts for my fireplace’ could be IWn’tWMo37ODfmfP.

3. How to keep mobile devices safe

It’s common for people to have devices that they use for work. However, if they don’t take security seriously, they could cause major damage to your business. To keep mobile working safe, make sure your employees follow these three steps:

  • Prevent physical theft. Obviously, employees should avoid losing their phone either accidentally or through theft. Beyond that you need to ensure they have lock screen security and software that allows them to remotely find, lock or wipe their phone.
  • Don’t take unnecessary security risks. This means avoiding unknown, potentially malicious Wi-Fi networks and not jailbreaking devices. Employees should also manage apps carefully, only installing ones verified as safe by your IT team.
  • Use security software. Without an anti-malware mobile security system, your devices will always be at risk.

Train with the best, because hackers don’t rest

A modest investment in security awareness and training has a 72 percent chance of significantly reducing the business impact of a cyber-attack. In fact, most cybersecurity training programmes result in a 37-fold return on investment. So, the question is, what’s stopping you from keeping your business safe?

If you’re interested in perfecting your business’s cybersecurity, why not book a free security evaluation with one of our experts? We’ll highlight the vulnerabilities in your business and explain how you can keep your business safe.
