The effective management of cyber security in an organisation can only work if every employee in the organisation participates in cyber security awareness and is something that management needs to take responsibility for organising. Employees can play a major role in helping to keep a business secure against cyberattacks. It Is highly recommended that employees practice the cyber security policies that are put in place by the organisation’s management. One simple exploit that gets created due to an employee’s lack of awareness could cause the downfall of any business or at least cause the business to pay a heavy fine.
The following are some tips on employee awareness:
Clean desk policy
One needs to practice a clean desk policy which helps prevent information theft, fraud or a security breach caused by information being left in plain sight.
Lock your computer
When leaving your desk, be sure to lock your computer and put away all important documents. Also make sure that you are using a strong password.
Prevent unauthorised people from entering the business property
An attacker can pretend to be a contractor hired by the business to find sensitive information on the business. If you see an unknown person in your business do not be hesitant to approach them to verify their contact in the business.
Email phishing/scams
Most employees that are using computers are also most likely using email. The employees need to be aware of which attachments they open and download and to only accept emails from trusted sources and prevent responding to unknown email addresses.
Working from home computer access
With employees still working from home since the Covid pandemic lockdown, and many likely to continue having this status going forward, they need to limit access to their work computers in their homes. This is because having their children or others using the computer to play games and download files could get the computer compromised and then their company receiving a cyberattack since the youngsters wouldn’t necessarily be aware of the potential cyber threats.
Conduct cyber security training
All organisations should have a level of cyber security training for their employees and insist that they all conduct it. The training should also be done on a regular basis because technology changes going forward and a training that is relevant today might not cover all risks going forward. ITBusiness Edge has an informative article on such training and how organisations can benefit from doing it.