You can have every piece of security hardware in the books: firewalls, backup disaster recovery appliances, anti-virus software… but your employees will still be the biggest vulnerability in your organization when it comes to phishing attacks. How do you mitigate as much risk as possible?
- Create and Strictly Enforce a Password Policy: Passwords should be complex, randomly generated and replaced regularly. To test the strength of your password, go to this site. (This is a perfectly safe service sponsored by a password protection platform that tells you how long it would take a hacker to crack your password.) When creating a password policy, bear in mind that the most prevalent attacks are dictionary attacks. Most people use real words for their passwords, so hackers will typically try all words before resorting to a brute-force attack. Instead of words, use a combination of letters, numbers and symbols. The longer the password, the stronger it is. While it’s difficult to remember passwords across different platforms, try not to repeat passwords. This will protect all your other accounts in the event of a breach on one of them.
- Train and Test Your Employees Regularly: Educate your employees on how they can spot a phishing attack. Then, utilize penetration testing (a simulated attack orchestrated by your I.T. company) to see how well they respond. If employees fall for phishing attempts, send them through training again. We recommend doing this on a quarterly basis to ensure your employees stay on their toes and you always provide education on the latest attacks.
- Create a Bring Your Own Device Policy and Protect Mobile Devices: You can safeguard as much as humanly possible on your network, but your employees are all walking in with a cell phone. Are they allowed to get emails on these phones? What about gaining access to the network remotely? Cell phones create a big black hole in security without proper mobile device management and mobile security.
- Perform Software Updates Regularly: Make sure your software is up to date with all the proper security patches.
- Invest in Security: Consumer-grade hardware is not sufficient. Skimping on security solutions may be the difference in whether you become a victim of a cyberattack. Invest in your employees’ training, ongoing security updates and maintaining a full crisis/breach plan.
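The password rules in the first item above (no dictionary words, mixed character types, length, no reuse, random generation) can be enforced in code. This Python example is added here and is not from the original article; the wordlist is a constructed sample, the 14-character minimum is an assumed policy value, and the function names are hypothetical.

```python
import re
import secrets
import string

# Constructed sample wordlist; a real check would load a full dictionary
# plus a list of passwords known from past breaches.
WORDLIST = {"password", "welcome", "dragon", "summer", "company", "monkey"}
# Character swaps that dictionary-attack rule sets undo automatically.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})
MIN_LENGTH = 14  # assumed policy value, not taken from the article
ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def dictionary_hit(password):
    """Return the dictionary word this password reduces to, or None."""
    lowered = password.lower()
    # Drop digits/symbols padded onto either end: "Summer2024!" -> "summer"
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    for cand in (lowered, stripped,
                 lowered.translate(LEET), stripped.translate(LEET)):
        if cand in WORDLIST:
            return cand
    return None


def check_password(password, passwords_in_use=()):
    """Return the list of policy violations (empty list = acceptable).

    passwords_in_use: the same user's passwords on other accounts, as a
    local password-manager audit would have them (assumption).
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not all(re.search(c, password) for c in CLASSES):
        problems.append("missing character class")
    word = dictionary_hit(password)
    if word:
        problems.append(f"dictionary word: {word}")
    if password in passwords_in_use:
        problems.append("reused")
    return problems


def generate_password(length=20):
    """Draw from a CSPRNG until the result passes the policy."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(candidate):
            return candidate
```

A password such as `Summer2024!` satisfies a naive "letters, numbers and symbols" rule yet fails here, because stripping the padding leaves a dictionary word.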
There are two things that aren’t going away in any business: employees and security threats. Make sure you’ve taken care of everything you can to avoid falling victim.