You know the old saying from Smokey the Bear, “Only you can prevent forest fires.” The same can be said about security breaches within an organization. The first line of defense against a security breach is actually the staff of the company. A recent study conducted by the Ponemon Institute, the 2016 Cost of Data Breach Study, analyzed 874 incidents. 568 of the incidents were caused by employee or contractor negligence; 85 by outsiders using stolen credentials; and 191 by malicious employees and criminals.
There are ways to train your staff to help them understand how to spot a scam, and how to keep from being the weak link in an otherwise secure network environment.
Practice spotting phishing emails
There are a few tell-tale signs that an email is phishing for your credentials. Some of these emails can be extremely sneaky, though, and even the savviest internet user can get tricked. There are services you can sign up for that will randomly send your employees emails that try to trip them up. You will get a report of which of your users fell for the trick, so you can retrain those employees on how to spot a scam email.
Enforce complicated password policies
Although everyone likes to complain about the password policies they are required to follow, the more complicated the password requirements are, the more secure the credentials will be. The most secure passwords use a combination of upper and lower case letters, numbers, and special characters. Passwords should also be longer than 8 characters, and the longer the better. Finally, a password should not contain any words that can be found in a dictionary. Using a password manager can help you generate secure passwords that you don’t even have to remember.
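The rules in this paragraph can be checked mechanically, and doing so shows why the dictionary rule matters: a password such as "Summer2016!" satisfies every character rule and still fails. The following Python check is an added example, not part of the original article; the function name `policy_violations`, the constructed word list and the minimum word length of 4 are assumptions made for illustration.

```python
import string

# Constructed sample word list (assumption). A real deployment would load a
# full dictionary file, one lowercase word per line.
SAMPLE_WORDS = {"password", "dragon", "summer", "welcome", "monkey", "letmein"}

# Assumption: ignore very short words so that "a" or "it" do not reject
# every candidate password.
MIN_WORD_LEN = 4


def policy_violations(password, words=SAMPLE_WORDS):
    """Return the rules from the paragraph above that the password breaks."""
    problems = []
    if len(password) <= 8:
        problems.append("must be longer than 8 characters")
    if not any(c.islower() for c in password):
        problems.append("needs a lower case letter")
    if not any(c.isupper() for c in password):
        problems.append("needs an upper case letter")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(c in string.punctuation for c in password):
        problems.append("needs a special character")
    # Dictionary rule: case-insensitive substring match against the word list.
    lowered = password.lower()
    found = sorted(w for w in words if len(w) >= MIN_WORD_LEN and w in lowered)
    if found:
        problems.append("contains dictionary word(s): " + ", ".join(found))
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    for candidate in ["Summer2016!", "Tr0ub4dor", "q7#Vz!m2Lx$e"]:
        result = policy_violations(candidate)
        print(candidate, "->", result or "meets the policy")
```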
Keep software up to date
Operating systems and programs send out regular updates. Often these updates do more than improve or add features. Most updates also include security patches that plug holes in the code of the operating system or program. When users do not update their operating systems, they are left vulnerable to attacks that exploit these holes. The main reason the Petya ransomware attack was so successful was the number of systems whose operating system had not been updated.
Avoid getting malware
Latent malware on a system can open the doors for more attackers to infiltrate the system, and can then compromise the entire network. Regular scans of the computer for malware and viruses can help mitigate this issue. However, avoiding malware altogether helps tremendously. This is another place where regular security training can come in extremely handy. Make sure users know that pop-up messages claiming they have a virus are generally viruses themselves and should not be clicked on.
Make sure employees understand that they are the first line of defense against security breaches. When they are aware that they can help protect the business network, they can be more vigilant about keeping that network secure.