Cybercrime is one of the most pressing challenges facing businesses today. In 2020, 46% of U.K. businesses reported experiencing a data breach or other attack, and 39% have already reported the same this year. As this trend continues, organisations must start to treat cybersecurity as more than just an IT issue.
Many businesses are aware of the risks of cybercrime but see it strictly as a technical matter. As digital technologies and services become an essential part of all operations, cybersecurity becomes everyone’s responsibility.
Why All Employees Should Consider Cybersecurity
There are two primary reasons why cybersecurity is relevant to every department. First, cyber attacks affect everyone. A data breach today can do more than just disrupt IT services or put work on pause. In today’s hyper-connected, always-online world, a breach could compromise employees’ personal details, including financial information.
Second, and perhaps more importantly, cyberattacks can come from anywhere. The biggest cybersecurity threat is uninformed users. No matter how advanced IT departments’ cyber defences are, a simple mistake or poor choice can let a hacker in. Cybercriminals know this, too, and they’re taking advantage of it increasingly often.
Today, many cyberattacks attempt to get around technical defences by tricking users into giving away sensitive information or clicking malicious links. More than half of all cyberattacks in the U.K. involve phishing, a type of these human-targeted attacks.
Whether they realise it or not, any employee can be the source of a data breach. With that in mind, here are five cybersecurity steps that apply to any worker in any department.
Don’t Trust Unsolicited Emails
Phishing attempts and other social engineering attacks typically come as emails, as that’s the standard for professional communication. Consequently, all employees should scrutinise any unsolicited emails they receive. As a rule of thumb, users should never click on a link in an unsolicited message.
Employees should also verify an email’s authenticity before responding to it. Looking for spelling errors and unusual domain names or addresses can help spot a fraudulent email. If something looks suspicious, employees should report it, and no one should send any company or personal information through email.
Use Strong, Varied Passwords
Another common vulnerability among non-IT employees is password security. Cybersecurity experts have found the password “123456” 23 million times in data breaches, highlighting how many users use unsafe passwords repeatedly. Longer, more complex passwords are harder to brute-force, and never reusing passwords ensures one breach won’t compromise multiple accounts.
Businesses may consider supplying employees with password managers. These programs create and organise passwords for users, making it easier to create and remember strong, varied passwords. Enabling multi-factor authentication is another recommended step for all accounts.
Avoid Public Wi-Fi Networks
The Wi-Fi employees use in the office is most often private, password-protected, and encrypted. That’s not always the case with free Wi-Fi in coffee shops, airports, and other public spaces, though. Whenever employees travel or work from home, they should avoid using these unsecured networks.
On an open Wi-Fi network, hackers can position themselves between users and the connection point, intercepting their data. Employees can mitigate this risk by using a virtual private network (VPN) whenever they’re on a public network. These programs encrypt users’ data and disguise their IP address, maintaining privacy in an otherwise unsecured environment.
Enable Automatic Updates
Software updates may seem like a nuisance to some users, but they’re a critical security concern. Cybercriminals are always finding new ways to infiltrate different services, requiring software developers to patch new vulnerabilities regularly. As a result, employees using outdated software could be at risk of exploits they would otherwise be safe from.
When employees are busy with their day-to-day work, it can be challenging to remember to update everything. Consequently, the best course of action is to enable automatic updates on all programs and devices. That way, employees’ forgetfulness won’t jeopardise their safety.
Keep Work and Personal Devices Separate
At least 45% of U.K. businesses have bring-your-own-device (BYOD) policies, but these can be a security risk. Employees may practice unsafe behaviour on their personal devices, so if they use the same ones for work, it can threaten company systems. Requiring employees to use different devices for work and their personal life mitigates this risk.
When everyone uses provided company machines, it’s easier for IT workers to secure them. They can install updates or new security software across the entire organisation instead of requesting each worker individually. While BYOD policies can make some jobs easier and more flexible, all departments should move away from them, given the risk.
Cybersecurity Is Everyone’s Concern
Cybercrime today is complex, targeting a wide range of systems and people with ever-adapting methods. As such, cybersecurity has become too significant an issue for IT professionals alone to handle. Robust cybersecurity requires everyone to do their part.
Not every employee needs to be a cybersecurity expert, but they should understand their role. Following these five security steps and learning more about cybercrime can help every department stay safe.