Cybersecurity training adds another layer of security to your IT Infrastructure
by David Jensen
The recent surge of security breaches and ransomware attacks is reinforcing the need to make cybersecurity an all-hands endeavor. Despite all the cybersecurity tools that companies are implementing, security breaches are still rampant because one of the top cybersecurity weaknesses in all industries is the lack of employee training on cybersecurity.
Cybersecurity has largely been rooted in intrusion detection and prevention technology designed to protect your network infrastructure, databases and system software. However, one error on the part of an employee could render all your security measures useless. This is where training your employees on the latest cybersecurity trends and tactics is vital to your organization’s security efforts.
Cybercriminals are constantly exploring new technologies and methods for gaining access to your network and data. Consequently, your organization needs to foster a culture of cybersecurity that includes policies requiring employees to receive training on a regular basis. The following are some of the more common cyberattack methods.
During a typical workday, employees exchange numerous internal and external emails. Some of the most common security vulnerabilities exploited by cyber actors (cybercriminals) involve email.
One attack method is to send an email with either a link or a Word file attachment that contains malware. When the recipient clicks on the link or opens the attachment, the malicious code is unleashed, which can spread throughout the company’s network.
Another method involving email is called phishing, where an attacker sends an email that appears to be from a known sender in an attempt to trick the recipient into divulging login credentials or account data. Cyber actors often target specific workstations by using keyloggers, a type of surveillance technology that tracks and records each keystroke. This technology can identify the names of people or companies that frequently send email to a workstation.
Passwords have always been a thorn in the side for people who work on computers. Consequently, employees are notorious for defeating the purpose of passwords, even to the extent of writing them on sticky notes and posting them on their monitors for all the world to see. Here are a few other ways employees make it almost too easy to learn their passwords:
- Easy to guess. Many people choose passwords that are easy to remember. It’s not surprising that the word ‘password’ is one of the most commonly used passwords. This is followed closely by ‘123456’, ‘changeme’ and ‘qwerty.’ By randomly entering popular passwords, hackers have a high success rate in gaining access to a network, so it’s important that employees set up more complex login credentials.
- One password fits all. It’s not uncommon for people to use the same user ID and password combination for their work computers, social media sites, games and of course their financial institutions. Once a hacker learns someone’s user ID and password combination, all of that person’s other authenticated sites and applications become vulnerable to attack.
- Password sharing. When multiple employees use the same workstation or software, it might seem easier for everyone to use the same login credentials. Eventually the concept of secured access evaporates. Also, if this community authentication never changes, a disgruntled former employee can still access the software and proprietary information.
Most companies require security badges to enter buildings, but mistakenly don’t require employees to keep their badges visible while in the building. This makes it difficult for anyone to recognize if someone doesn’t belong. Meanwhile, a security vulnerability could be wandering the halls unnoticed, which could present an opportunity for one of the following security breaches:
- Unattended workstations. In the event an employee leaves a workstation unlocked, an intruder can have unhindered access to the computer and all the confidential data.
- Portable storage devices. An intruder or even an employee who has access to a company’s network can download confidential data onto a portable storage device and walk out of the building. In other cases, an intruder might leave a thumb drive loaded with malware near a vacant workstation. When a curious employee plugs the device into a computer, the malware is released onto the network.
A culture of cybersecurity encourages employees to be security-minded. This includes using security badges as they are intended. Employees also need to get in the habit of locking their workstations no matter how long they plan to be away.
On-Going Cybersecurity Training
Cybersecurity trends keep evolving, so cybersecurity needs to be part of an on-going employee training program. It may seem cumbersome for employees who already feel overworked, but it will improve your company’s security posture. Automated training and tracking technology can help simplify the tasks of setting up and coordinating the necessary training for each employee. Some areas to focus on for cybersecurity training include:
- Instruction on the latest cyberattack trends and technologies and the countermeasures companies are implementing to mitigate cybersecurity threats.
- How to recognize and report suspicious emails to prevent phishing attacks.
- How to recognize malware and viruses and determine how their computer might have been infected. If an employee’s computer becomes unusually sluggish, it could be infected.
- Company policies on reporting and handling ransomware attacks.
- Company policies on the proper use of portable storage devices, mobile devices and non-company computers.
Cybersecurity is not just about technology; it is an endeavor that’s everyone’s responsibility. No company can be totally secure from cyberattacks, but investing the time and effort in establishing a culture of cybersecurity can significantly improve your ability to prevent a security breach.
David Jensen is a marketing communication specialist at MasterControl. He has been writing technical, marketing and public relations content in technology, professional development, business and regulated environments for more than two decades. He has a bachelor’s degree in communications from Weber State University and a master’s degree in professional communication from Westminster College.