One of the most dangerous misconceptions that you can have in 2017 is that cyber security is only a problem for your IT department; that every breach is the result of an insecure network, out-of-date software, or an inadequate firewall. These factors can lead to a data breach, but a 2015 CompTIA survey found that human error was the cause of 52 percent of breaches, beating out technological errors. Even if your employees are not very technologically savvy, there are still steps that they can take to reduce your organization’s Cyber Liability and increase security. Consider sharing these tips with your employees and implementing them into your current training and education processes.
Recognizing a Scam
Offline, one of the most important guidelines for people to follow is to not give away their personal information to someone that they don’t know or trust. You wouldn’t hand your house keys to a stranger on the street and tell them where you live, right? Unfortunately, many cyber attackers gain access to confidential data by getting people to do just that. This is frequently done through emails that implore the recipient to download an attachment (which is malware that infects the computer) or fill out a form with their information. Spotting these emails is made more difficult by the fact that many skilled cyber attackers know how to make their email appear as if it were coming from a reputable source.
If you have not done so already, add a segment on cyber security into your employee training and safety meetings. Teach your employees to recognize a suspicious e-mail or an unsavory source, and encourage them to always check to make sure that the email is legitimate.
Creating Strong Passwords
Many people think that frequently changing their passwords to the most complex, obscure string of characters they can think of is the key to keeping themselves secure. However, as we discussed in July, this is not always the case. Instead of changing passwords on a regular basis, only change passwords at an employee’s request or if a breach has potentially occurred. Password “hints” and security questions can also be further liabilities, as attackers could use social engineering to either guess the password or get that information from the individual.
Encourage your employees to choose secure passwords, and implement multi-step authentication to add to the information that an attacker would require. The National Institute of Standards and Technology recommends that new passwords be screened against a list of commonly used and compromised passwords, such as former passwords, breached passwords, repetitive or sequential passwords (such as qwerty, 12345, or qqqqq), and the associated username.
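As an illustration of the screening described above, here is a short Python sketch. It is an added example, not part of the original article or of any NIST publication; the function names and the small sample list are constructed for the example, and a real deployment would load a large corpus of breached passwords instead.

```python
# Added illustration: screen a candidate password against the categories
# named above. All names and sample lists here are constructed assumptions.

# Constructed sample; a real deployment would load a breached-password corpus.
COMMON_OR_BREACHED = {"password", "letmein", "qwerty", "12345", "iloveyou"}

# Rows in which "sequential" runs are looked for (alphabet, digits, keyboard).
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")


def is_repetitive(pw):
    """True for one character repeated, e.g. 'qqqqq'."""
    return len(pw) > 1 and len(set(pw)) == 1


def is_sequential(pw, min_run=4):
    """True when the whole password is a forward or reversed run of a row."""
    if len(pw) < min_run:
        return False
    return any(pw in row or pw in row[::-1] for row in SEQUENCES)


def screen_password(candidate, username, former_passwords=()):
    """Return the reasons to reject; an empty list means it passed."""
    pw = candidate.lower()
    reasons = []
    if pw in COMMON_OR_BREACHED:
        reasons.append("commonly used or breached")
    # Plaintext comparison for brevity (assumption); systems that keep a
    # password history would compare against stored hashes instead.
    if candidate in former_passwords:
        reasons.append("former password")
    if is_repetitive(pw):
        reasons.append("repetitive")
    if is_sequential(pw):
        reasons.append("sequential")
    if username and username.lower() in pw:
        reasons.append("contains username")
    return reasons
```

An empty list means the candidate passed every check; otherwise the reasons can be shown to the employee so they know why to pick something else.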
Practicing Safe Browsing
If you have policies that regulate your employees’ internet usage, make sure that your employees know them and are following them. If you do not have any, now is the perfect time to create some. Encourage “safe browsing” by educating your employees on not downloading attachments from the web, not providing confidential data, and not visiting unsecured sites.
About Axis Insurance Services
At Axis Insurance Services, we aim to help our customers identify their exposures and protect themselves. Founded in 1999, we offer insurance programs to a wide variety of professionals and industries including attorneys, real estate, healthcare, architects, and more, and also have a wholesale division. We pride ourselves on offering flexible insurance coverage tailored specifically to each customer’s needs. To learn more about our solutions, contact us at (201) 847-9175 to speak with one of our professionals.