With increasing reports of cyber-attacks and the constant digitisation of the workplace, it is of vital importance that you and your employees are aware of the risks that a weak IT security system can have on your company. Many companies give their employees IT security training, but these often forget that within security systems, human action or inaction is often the weak link that will be exploited by criminals. Our experts at Cara Technology have created a short guide to the key aspects that must be within your IT security training protocols, to keep your business as secure as possible.
1. Understand that you are a potential target
Many businesses, especially SMEs, believe that their smaller size means that they aren’t likely to be the target of hackers, phishing scams or ransomware. Actually, this couldn’t be further from the truth. Many hackers will actively target smaller companies, as this mindset of ‘it won’t happen to me’ often results in a weaker security system, making it easier to hack. Equally, large numbers of phishing scams are automatic and indirect, being sent to millions of targets indiscriminately. Only once your business and its employees understand that they really are a potential target for cyber criminals will they start to take cybersecurity seriously.
2. Make sure employees update their software
The vast majority of computer software will tell us when an update is available through a pop-up box and give us an option to update it then and there. However, many people will choose to ignore this, thinking that they will update it later, rather than interrupting their work at that moment in time. This usually forms a trend, and the update gets ignored, leaving your computer at risk. Many updates include improved defences against hackers and cybercriminals, so it is important to ensure that your employees update software as soon as possible. If any software has an option for auto-updates, then make sure this is active to remove the human element in this system.
3. Always question emails with links
It is very easy for a phishing scam sent via email to look official. When an employee is stressed, or in a rush to complete a project, it is during this time that they will be less vigilant and thus more likely to fall for such a scam. Ensure you and your employees are up to date on how to spot phishing scams, are extremely careful about giving out personal, sensitive or financial information via emails, and attempt to verify the origin of emails before clicking any direct links.
4. Good password management is key
When employees have to manage a number of personal and professional emails for different accounts, it can be easy for them to take shortcuts – the most common being using the same password for a number of different accounts. While this is easier to remember, it is also far easier for hackers to take advantage of this, significantly compromising your overall security. It may be worth using a password management programme, which helps employees to create secure and unique passwords for all of their different accounts, while also reminding them to change these passwords on a regular basis. And it goes without saying, don’t write your passwords down on a post-it stuck to your computer monitor!
5. Log off when you leave your device
Many business systems will require a one- or two-step verification process in order to boost security. However, these systems become redundant if an employee logs on to a programme and then abandons their workstation. Not only does this allow any unauthorised people in the vicinity to gain access to this secure device, it also allows an open network connection to be maintained, making it easier for external hackers to gain access. If possible, incorporate automatic ‘time-outs’ into your software, to remove the possibility of devices being left logged in.
6. Give your data different levels of access
Your company’s databanks are likely to contain huge amounts of sensitive information, from the personal details of your employees and clients to financial information and future corporate strategies. Therefore, when hosting all of this information in the same place, it is well worth allowing access on a ‘need to know’ basis. It is easy to assign different levels of security clearance to different accounts, and this can really help to increase your company’s overall security. Equally, it can help to narrow the field if a security breach were to occur, as you are more likely to find the culprit from a reduced pool of suspects.
7. Physical security of data storage devices is key
Keeping information stored in the cloud makes it difficult for criminals to access, especially if this data is encrypted, and one of the primary reasons for this is that the data is not housed onsite. Therefore, any data which is housed on hard drives in the workplace must remain just as secure as cloud data. It is easy for someone to steal a USB stick or external hard drive due to their small size, and regardless of the protection these devices have, a determined criminal should be able to crack it if they have the device itself. Lock up any drives or external storage devices with sensitive information on them – when it comes to sensitive information, physical security is just as important as digital security.
At Cara Technology, we pride ourselves on providing tailored and bespoke IT services and IT solutions for all of your IT needs. We focus on proactive IT support, managed security solutions and managed disaster recovery solutions, as well as ongoing remote monitoring and maintenance, and our years of experience in these fields make us experts. For more information about our services and how we can help you, please click here to contact us at CARA and click here for more on CARA’s IT Security Services.