With Cyber Security month well underway, there is no better time for businesses to start educating employees on the risks of sloppy online practices.
With employees posing the biggest security risk to businesses, Sophos has prepared a list of the most common security mistakes employees can make, often without even realising the risk they are posing to the workplace.
Are you committing one of these three sins without even knowing it?
- Poor mobile security – There’s dozens of mobile devices in the workplace, many of which are not protected by encryption or even a PIN. SophosLabs found Android devices most at risk of attack, reporting a 1,800 per cent increase in Android malwareover the past two years.
- Bringing your own device into the workplace – Using your laptop or phone both at home and at work can threaten the device and company data, with Macs particularly vulnerable to malware and data loss.
- Using public WiFi – A third of wireless networks are not using the latest security standards, giving hackers have unfettered access to unsecured devices connected to WiFi hotspots.
Other common mistakes still happening on a frequent basis include opening booby-trapped documents and falling for gimmicks online with 80 per cent of all web malware hosted on legitimate websites.
How can you improve your cyber security?
Sophos has put together some tips for avoiding these common security mistakes and protecting business. Below is the advice David Sykes, Business Leader at Sophos Australia had to share with Anthill on how businesses can protect themselves from these common mistakes.
The biggest employee issue is lack of awareness. People constantly compromise security for convenience. Few people draw the connection between their careless actions and the potential to compromise a business. Consequently, driving regular awareness programs and self-testing through things like in-house SPAM emails is a good place to start.
The irony is that taking the most basic, personal precautions can significantly reduce the risk for both the individual and the business. The basic steps for individuals to consider include:
- Protect every device, including your phone, laptop, tablet, work and personal. Implement “on board” security such as passwords (6 digit), Find Phone, etc. In addition, and at the very least, deploy anti-malware protection and ideally, device encryption.
- Do not use free Wi-Fi for any sensitive information sharing. If you must, use a VPN connection.
- Be aware of social scamming. Do not give passwords or log-on details over the phone and never open attachments from unknown email senders.
Businesses also need to deploy basic security measures:
- Have a BYO policy and control mobile access and wireless deployments
- Encrypt your data – ideally all data on hard drives, and preferably also files being posted to Cloud services and emails. At a minimum, evaluate what is critical business data, where is it stored and ensure it is protected with encryption.
- Consider the gateway – the points where the Internet touches your business. Deploy appropriate protections, including firewall, web and mail filters.
Nothing is 100 per cent secure and if a bad guy really wants to compromise an individual or a business, then they will… eventually. But these steps will significantly reduce the risk and go a long way to avoid being caught in a broad based scam or malicious attack.