It’s widely acknowledged that employees are a company’s biggest asset and also one of the largest risk areas when it comes to cybersecurity at work. How can these threats impact the overall security level of your organization and which threat vectors are the biggest risk for your particular organization? We pulled together the following list of cyber risks that are especially important when considering organizational threats - and added a few that are new on the scene since we’ve largely transitioned to working from home.
Many organizations are missing the basic systems and protocols that help their employees know how to practice good cybersecurity behavior and let them know who to contact when they see a risk. Establishing these processes goes a long way towards ensuring a culture of cybersecurity within your company and protecting you both before and after an attack. These policies are especially important now that workforces are moving towards a largely remote posture.
Poor password hygiene is a leading cause of cyber risk for both individuals and a way in for threats to enter organizations through employees. That’s why we recommend that individuals keep their passwords secure and private and organizations include password hygiene and maintenance as part of their overall security protocol. Think through how often you want employees to update their passwords (we recommend quarterly), encourage the use of a password manager, and make sure your employees don’t share credentials as shared credentials is increasingly dangerous when it comes to cybersecurity.
Malware and cyber attacks take advantage of the holes that occur when your software and applications are out of date and in an organization of more than one, the chance of a program being behind in updates increases with every new hire. Make sure to add program updates to your own internal policy and make it easy for your employees to keep their systems up to date. Consider installing an automated software monitoring manager to help keep everything current.
Phishing attacks are a huge risk for organizations. In fact, they make up one of the largest segments of risk for small businesses, they’re on the rise, and they’re becoming more sophisticated. There are some steps you can take to protect your organization and your employees - having a strong email security setup, training your employees on email best practices and how to identify phishing scams, and having a protocol in place for when an attack occurs - but awareness is only half the battle. With work from home becoming more and more prevalent, phishing scams are a bigger threat as home email networks tend to be less secure.
As personal device usage is on the rise, it also becomes a bigger security concern for both employers and employees. Corporate devices typically come with many layers of security but personal devices can be a wildcard when it comes to protection as well as access - especially when employees are working remotely. If your organization allows BYOD, it can be helpful to add specifics to your policy about how employees should use their devices (and how they shouldn’t!) as well as what is expected in terms of how to handle security.
It may seem like a given but it’s difficult to stay ahead of threats without knowing they’re out there. Many organizations - and their employees - unfortunately take an ignorance is bliss stance when it comes to cyber risk and avoid educating themselves and their teams on the latest updates. Keeping current on trends and making sure your policies are up to date can help your organization and your teammates stay ahead of the curve.
While employees and personnel make up a large portion of the cyber threats faced by businesses these days, they are by no means the only risks. Here are a few additional threat vectors to consider when thinking about cybersecurity at work:
If your business is like most other businesses, then you probably work with other companies and your partners, vendors, and services providers also have their own cyber risks to consider. The unfortunate consequence of these relationships is that their cyber hygiene doesn’t stop at the four walls of your business. If your partner has poor cybersecurity practices, it can impact your cybersecurity as well. When forging a new business relationship, consider asking your new partner about their processes and protocols. Remember - business makes for strange bedfellows.
Like phishing, ransomware is one of the most common types of cyber attacks out there and your business is not immune. Attackers see businesses are particularly lucrative - and vulnerable - targets, who are willing to pay to get their data back. Small businesses in particular are prone to ransomware attacks. To prevent ransomware attacks, consider backing up your data, installing an effective security firewall, and protecting yourself with appropriate insurance.
As with any risk, there are certain steps you can take towards mitigation but there is no way to completely remove the threat of a cybersecurity attack in the workplace. Help your leadership team and your employees to understand the threats that are most valid to your workplace and protect your business from the threat vectors that matter most. Ensure that your workers are prepared and insure your business against attacks. Sign up for updates from the Resilience team or follow us on LinkedIn for regular information, educational resources, and more.