According to the 2018 Privileged Access Threat Report, 59 percent of UK organisations have possibly or definitely suffered an insider related breach in the last year.
An ‘insider threat’ conjures up images of a double agent in your business stealing your data, but it’s not just that. An insider threat can be as simple as an employee opening a phishing email, leaving their computer unlocked in a public area, being connected to an unsecure public Wi-Fi, or not keeping your devices and software up-to-date.
A cyber security breach not only affects your data but affects your business reputation and customer relationships. It also costs not only time, but money in recovery, fixes, and fines. In fact, cyber security threats are expected to cost companies $6 trillion worldwide by 2021.
Cyber security isn’t something to be left to the IT managers in your business, it should be something embedded in every employee, making everyone a cyber security champion.
By improving security on all levels, you’re winning employee and customer trust. Here are some simple tips to face these threats head on.
Train your staff
Perhaps the most obvious, but training and introducing best practices will help mitigate breaches. Find courses, whether online or in person, that will educate every member of the team.
This includes recognising and handling phishing or spoof emails, keeping devices and software up to date, data protection, and safe online and device behaviours. Make sure you include refresher training periodically too.
Having access to emails on any device is a great benefit for mobile working, however you should never sacrifice security for convenience.
An email client such as Microsoft 365 will automatically distinguish between spam, phishing, and legitimate emails, attachments, and links. It also has the tools you can harness to secure data and protect against threats, lowering compliance risks and costs.
Up-to-date device policies
Cyber security threats don’t just come through your inbox or online. Make physical security just as high a priority by outlining best practices to keep devices safe.
Make multi-factor authentication a requirement on all devices that are connected to work accounts. Create protocols on what to do when a device goes missing or is compromised, such as who to contact and the technical needs.
Update your software
It is critical everyone in your organisation keeps their software up to date. If you have moved to cloud-based software, security updates are made automatically. If your organisation hasn’t moved to cloud-based, you can still automate updates and push them out to your employees.
Encourage responsibility in your team for installing updates on their own machines by having software that prompts users to install updates.
Regardless of all the safeguards you have in place, your employees need to be trained and confident in using the tools and technology. You need to ensure you keep training and reminders about the importance of cyber security.
This way, your employees will be confident to recognise threats before they get caught out, but they will have the information they need to not take risks.