You can purchase the most sophisticated software, implement multi-layered security systems, conduct regular system scans and use a host of other security products to keep your network protected from cyberattacks. Unfortunately, all it takes is for one individual to accidentally install malware and all of your good work has been undone. That individual is likely to be one of your company’s employees, not a hacker.
Common sense is one of the best defenses
You may not be able to install defenses that offer 100% protection against intrusions, insider threats, and malicious software, but we are sure you do your best with the resources you have available. You should install software systems to protect your network, email system and web browsers, but it is all too easy to forget that one of the best ways of protecting a computer, or the network it is connected to, is to use common sense. Unfortunately, when it comes to internet and web security, many employees have very little. Consequently, they must be taught how to act appropriately.
Some employees think they have a very secure password, but oftentimes it is nowhere near as secure as they believe. It doesn’t contain any special characters, it lacks capital letters, and while it does contain numbers, only a 1234 has been added on the end. If you do not instruct employees how to create secure passwords, they will not.
You must also inform them that they must not share passwords across platforms. Sure, it is a pain remembering lots of different passwords, but if one is compromised they all will be. A recent survey conducted by Trusteer, a provider of fraud protection systems, highlighted how common this practice is. Their survey revealed that 73% of computer users use the same password to access their online bank account as they do for other online services.
You may have installed a spam filter to reduce the risk of employees falling for a phishing email. The spam filter catches virtually all spam and dangerous emails, and places them in a quarantine folder. The risk of a malware infection via email will be reduced to a minimal level.
Then not just one, but a number of employees go into the quarantine folder and open an Excel spreadsheet that has been quarantined because it is actually malware. Sometimes common sense disappears entirely. One company discovered that this is exactly how hackers managed to gain access to a corporate network in 2011.
Not all scams and phishing campaigns are easy to identify
Sometimes a clever campaign is devised by cybercriminals to phish for information. Social media websites contain many examples of these. The British Royal Wedding last year saw one cybercriminal launch an interesting campaign to help access accounts with two-factor authentication. The scam was launched on Facebook, and you may even have seen it, or something about it.
The page helped you create your “Royal Name”. All you needed to do was enter the name of your first pet, your grandmother’s or grandfather’s name, and the name of the street where you grew up. The result could have been Tiddles Arthur Beddington. Not a particularly amusing name, it has to be said, but the creator of the campaign would find it funny. Not only would those answers be helpful when attempting to guess passwords, they are also the likely answers to security questions used to gain access to internet banking websites. If your password and login name had already been compromised, you could have just given full account access to a hacker.
The importance of providing common sense training on internet security
You either have some common sense or you don’t, but when it comes to internet security, there will always be one individual who appears to have none. Make sure all of your employees are trained on the basics of internet security. Some will not know how to act in a secure manner online.