Cyber Security Hygiene - Awareness

Cyber attack attempts will keep happening, and having multi-layer defense is critical to reducing the impact they can have. One layer which cannot be neglected, as it is the one that can be exploited the most and can never be removed, is your people. It is generally through phishing or social engineering attempts that fraud and cyber attacks are committed. The only way to reduce this (though you will likely never eradicate it) is by creating cyber awareness in your organization.

Here are some initiatives which can help with awareness:

  • It is assumed that every new hire goes through an induction and training process. As part of that onboarding, ensure you have some cyber awareness training which covers the basics: recognizing phishing attempts, password management, privacy awareness, physical security, access management and what to do when unsure.
  • For a more sophisticated approach to this, you can use a cyber awareness platform which has a library of template videos and can help put together relevant content based on current threats and also do a quiz for the employee at the end to ensure the knowledge sticks. You can have these cyber awareness campaigns on repeat, every 6-12 months and make them compulsory.
  • Create awareness in the office and workplace by printing out posters about Cyber Security or setting screen savers on computers with a cyber awareness message.
  • Run email campaigns on why cyber security is important in the workplace, but also in the employee's personal life, with tips on how to secure their bank account, how to use a password manager, why not to reuse passwords between accounts, and how to subscribe to services that protect identity or notify them of breached accounts.
  • Consider introducing simulated phishing campaigns to measure how resilient your organization is to attacks over email. This will provide you with data and also represents a teachable moment for employees who click on phishing emails, as they can be enrolled in training automatically.
  • Create processes in your organization that have cyber principles at their core. For example, if a vendor contacts Accounts Payable to change the bank information on file, have a process in Finance that verifies this request outside of the email by placing a phone call to the vendor and doing a penny run. The same applies if an employee emails HR to change bank information for payroll, and the examples can go on.
  • Provide a channel for employees to report or ask whether certain activity seems right. In Outlook, you can have a button which reports an email as phishing, or they can email a dedicated cybersecurity mailbox with questions.
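The bank-change verification process above is the one initiative in this list that can be written down as a concrete workflow. The following is an added example (not code from the original page) that models it: a request arriving by email is never acted on until the vendor confirms it over a phone number taken from the vendor master record (never the number quoted in the email) and a penny run is acknowledged. The vendor records, phone numbers, account numbers and the two simulated phone-call and penny-run functions are all constructed for illustration.

```python
"""Out-of-band verification of a bank-detail change request.

Added example, not part of the original page. The vendor records,
phone numbers, account numbers and the simulated call/penny-run
callables are constructed sample values.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class VendorRecord:
    vendor_id: str
    name: str
    phone_on_file: str      # contact number from the vendor master record
    bank_account: str


@dataclass
class ChangeRequest:
    vendor_id: str
    new_bank_account: str
    # Number the email itself asks you to call; it is deliberately NOT trusted.
    callback_number_in_email: Optional[str] = None


@dataclass
class VerificationResult:
    approved: bool
    reason: str
    steps: List[str] = field(default_factory=list)


def verify_bank_change(
    req: ChangeRequest,
    vendor_master: Dict[str, VendorRecord],
    call_vendor: Callable[[str, str], bool],
    penny_run: Callable[[str], bool],
) -> VerificationResult:
    """Apply the change only after both out-of-band checks pass.

    call_vendor(phone, new_account) -> True if the person reached on the
    number ON FILE confirms they requested this exact account change.
    penny_run(account) -> True if the vendor acknowledged a small test payment.
    """
    steps: List[str] = []
    vendor = vendor_master.get(req.vendor_id)
    if vendor is None:
        return VerificationResult(False, "unknown vendor", steps)

    # The email's own callback number is ignored; an attacker controls it.
    if req.callback_number_in_email and req.callback_number_in_email != vendor.phone_on_file:
        steps.append("callback number in email differs from record; ignored")

    steps.append(f"calling number on file {vendor.phone_on_file}")
    if not call_vendor(vendor.phone_on_file, req.new_bank_account):
        return VerificationResult(False, "vendor did not confirm by phone", steps)
    steps.append("phone confirmation received")

    if not penny_run(req.new_bank_account):
        return VerificationResult(False, "penny run not acknowledged", steps)
    steps.append("penny run acknowledged")

    vendor.bank_account = req.new_bank_account   # only now is the record changed
    return VerificationResult(True, "bank details updated", steps)


def run_scenarios():
    """Constructed scenarios: one legitimate change, one fraudulent request."""
    vendors = {
        "V-100": VendorRecord("V-100", "Example Supplies Ltd", "+1-555-0100", "ACCT-OLD-100"),
    }
    # Simulated phone call: the real vendor knows only about the legitimate change.
    legitimate_changes = {("+1-555-0100", "ACCT-NEW-LEGIT")}

    def call_vendor(phone: str, account: str) -> bool:
        return (phone, account) in legitimate_changes

    def penny_run(account: str) -> bool:
        return account == "ACCT-NEW-LEGIT"   # vendor acknowledges only its own account

    legit = verify_bank_change(
        ChangeRequest("V-100", "ACCT-NEW-LEGIT"), vendors, call_vendor, penny_run)
    # Fraudulent email supplies its own "call me here" number; it is never dialled.
    fraud = verify_bank_change(
        ChangeRequest("V-100", "ACCT-ATTACKER", callback_number_in_email="+1-555-0199"),
        vendors, call_vendor, penny_run)
    return legit, fraud, vendors["V-100"].bank_account


if __name__ == "__main__":
    for result in run_scenarios()[:2]:
        print(result.approved, result.reason, result.steps)
```

The design point is the one the process bullet relies on: the verification channel (phone number on file) is chosen from your own records, so a fraudulent email cannot supply both the request and the means of confirming it. The record is written only after both checks pass, so a half-completed verification leaves the old account in place.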