Latest data from the German government showed a huge 80% jump in cybercrime. Also, 20% of British companies were hit by cyberattacks in the last year.
As more and more organizations go through with their digital transformation, the topic of proper cybersecurity becomes increasingly important. Most companies still think it won’t happen to them or that there are other issues at hand first.
The truth is, the more you postpone implementing at least basic IT security, the worse off you’re going to be. But then, there’s the other side of the coin. You may well set up some great platforms and train the appropriate staff to use them to their fullest. But often, the main way hackers get into your company data is not through the security layers. Instead, they rely on the mistakes of the employees.
So, here are a few simple tips that often get neglected but are vital to an absolutely basic level of cybersecurity, one that any person today should have, especially if he or she uses an Internet-connected device at any point of the workday.
The basic cybersecurity plan
The first one is the most obvious one: the password for each employee’s company account. It should be a password they do not use for anything else. It should feature several special symbols (@!$# and the like, if possible). A password manager is also a great option, especially when you have to work with several accounts.
It’s even better to use additional verification methods, too, like SMS two-step verification or the fingerprint reader on most modern smartphones. This will be a bit of an additional challenge for your IT team and will add some extra costs, but you will greatly improve the security of your corporate network. Some providers, like Google Apps, have it ready to be set up with a few clicks.
Next up is to establish an HTTPS connection for your company sites. It adds a pretty much mandatory level of security and boosts your online reputation, too.
Then comes the topic of phishing. You know those fishy emails that you receive every day telling you about a great deal or even posing as clients who have an offer for you? They often have attached files or links to other sites. Click on them and, while nothing seems to be happening, you are actually installing malware on your device.
Apart from ensuring that the device is always up-to-date, there’s little else you can do in the technical area. What’s more important here is to educate the employees about phishing scams. Often such emails mimic legitimate companies and their actual accounts. It’s not easy to spot these types of scams and it’s very easy to fall for them when you don’t pay attention. This is why employees should know more about phishing and have a few rules or guidelines to follow when dealing with new emails.
These guidelines can vary depending on the type of company, but usually they have something in common. For example, the employees can simply try to verify the sender by contacting them. This can be done with a quick phone call or a new email. Just don’t hit the reply button; instead, start a new email with the same subject and ask for confirmation in the body of the email. Sensible senders shouldn’t have a problem with you double-checking to make sure your company is safe.
Something similar can be done for mobile apps. They can also be quite malicious. So, if employees use their phones or tablets for work, too, then they should be extra careful about what apps they install. At the least, they should check the permissions an app requests before installing it. For example, a weather app has no business wanting access to your contact data or phone logs and messages.
Again, these tips will add a pretty basic level of security, but it’s often the one that’s quite important. It is also the one that is often forgotten, so a little reminder from time to time is healthy.
Image credit: Flickr (CC) / Blue Coat Photos