Content supplied by Pekin Insurance
How to Enforce Cyber Security Basics That Reduce Fraud
Arming your employees with cyber security basics can be your best bet at keeping hackers out
Businesses of all shapes and sizes have dealt with fraud for centuries, but the digital age we’re living in brings new threats and risks that companies are struggling to keep up with.
In the 10th edition of the Kroll Global Fraud & Risk Report, 86% of senior executives surveyed said their company experienced a cyber incident or information/data theft, loss, or attack in the last 12 months. Year after year, these incidents have multiplied—and they show no signs of slowing down.
Every company, regardless of size or industry, needs to enforce cyber security basics—hackers don't discriminate. However, there are a few different types of industries that have an elevated risk of being hacked, including:
1. Health care
The health care industry is still transitioning from paper to digital records, and the adoption of technology in these facilities has been slow. In addition, health care records contain high-stakes patient information that the dark web will pay handsomely for.
2. Higher education
A study by the Ponemon Institute found it takes education organizations more time than others to identify and contain data breaches.
Hackers do what they do for a variety of reasons, but a major driving factor is money—and there’s no industry with more of that than the financial sector.
4. Small businesses
Cybercriminals know that most small businesses don’t have the money or manpower to invest in cyber security heavily. They will often go after smaller companies, banking on the fact that no one can stop them.
The biggest threat to the security of your business, though? It’s your employees. According to the 2018 “State of the Industry” report from Shred-It, employee negligence is the primary cause of data breaches. This doesn’t mean they’re all disgruntled and sharing your confidential business information. Most have not been adequately trained on simple cyber security basics in a business setting, making them weak links when it comes to safeguarding information. If you’re serious about the security of your company, it’s your job to enforce these guidelines.
Cyber Security Basics Every Employee Should Know
Are your employees going to become cyber security wizards? Probably not. But with regular training, reminders, and incentives, they’re going to get better and better at being a strong first line of defense for your company. Your employees should be strong on these cyber security basics:
1. Spot a phishing email
According to Verizon’s 2018 Breach Investigations report, 92% of malware is still delivered by email—often via phishing attacks. Phishing emails have been around for a long time now, but your employees may not understand how sophisticated some have become. There are the obvious fake emails that have wild spelling errors and blatant attempts to gain information, but the newer targeted emails can look pretty legitimate—often coming from a trusted friend or family member—and can squeak through if an employee doesn’t look hard enough.
Tell employees to look carefully for small spelling differences in emails or links. Hover over links (don’t click) to see full domains. Have an inbox where employees can forward these emails if they suspect a phishing attempt and have your IT department monitor those incoming messages.
2. Don’t connect to public Wi-fi
Remote work opportunities are becoming more frequent—some people work from home one day a week, while others may be full-time remote workers. These employees should be extremely clear on your remote work policies, especially as they relate to the Internet.
Employees should never connect to public Wi-fi, as this makes their devices vulnerable to hackers. They should always connect to secure, password-protected networks. If for some reason this is simply not an option, you should give them the ability to connect to a VPN network when they’re outside the four walls of your business.
3. Install every update
Your employees may feel like their computers prompt them to install updates all the time—and who has time to sit and wait to install software during the work day? These updates shouldn’t get pushed off, though. Encourage them to take the time to make those crucial updates because some may be patching security flaws—security flaws that hackers are aware of and are hoping to use against your business.
4. Protect your devices
With mobile devices like smartphones, tablets, and laptops, there are plenty of opportunities for fraud to occur. Employees should be aware of all devices at all times and have them locked with a passcode or on their person whenever possible. It’s too easy for someone with malicious intent to steal a device, or even glance at a screen that hasn’t been locked.
Most of these cyber security basics may seem just that—basic. They are extremely critical, though, and their importance cannot be overstated. Repetition is vital in enforcing cyber security practices within your business so that employees understand you are serious and committed to protecting everything you’ve built.
Are you covered if your company suffers a data breach? Get in touch with Lincoln Logan/May Enterprise Insurance Agency to learn about your options.