It is always important to spread cyber security knowledge and increase the awareness. But we don’t often talk about the best things you can learn about yourself.
Probably the most obvious of all, but is it really a threat to me? Yes. You would be surprised to hear that “almost 50% of malware attacks are aimed at small businesses” (According to Legaljobs). The term malware might scare many people as it seems complex, and while it can be there are some simple things you can learn to reduce the risk.
By training not only yourself but also your employees on how to spot malware, you can avoid having to pay ransomware or losing your clients data which both could lead to the loss of clients.
Privacy is nothing new and maybe for that reason many people misunderstand it. Privacy is not only about protecting individuals’ data to increase their quality of life and keep them happy. Although avoiding gossip in the workplace can be a nice bonus it is not the main point of keeping each other’s privacy.
Privacy training can ensure individuals safety. As it makes harder for people with bad intentions to get information from the desired person. But also, you can become aware of how much data you willingly give to companies and engines with cookies for example.
3. Physical Security
Physical data and devices are frequently at risk, but it does not mean we do it on purpose, sometimes we are just unaware of the risk we are putting the data in. Things at such as leaving passwords in post-its, sensitive documents open in a desktop computer or in a table where someone could peak or take photos could endanger the company.
The solution could be a simple training to make people more aware of it but, if necessary, a “clean desk” policy could be applied as suggested by the Usecure blog.
4. Home office standards
With last year’s fast growth of people working from home, business might fancy reconsidering the training to suit the new work environment. Its common that workers will be using their personal devices which can bring many vulnerabilities into the company network.
For instance the training could be about how to deal with the new responsibilities such as keeping their devices and software updated, to remind them to lock devices when leaving it unattended and to logout accounts. All these things are critical for their security and the company’s data safety.
5. Social Media Usage
It might be trick for most of the companies as many depend on social media for marketing/customer help purposes. But it is important to set standards of what are and are not things that should be posted on social medias – oversharing can lead to not only to data breaches but also to the endangerment of individuals.
Training on how time should be spent on social media and also about things that would come across as oversharing should be discussed by the companies with their employees.
6. Email Policies
All companies and employees have their own email made with the sole purpose of business communication. For business that use email as the main way of communication, it might be necessary to remind the users to contact each other using only the business email. Using only one email would not only allow for backlogs but also to reduce the chances of data being exposed if other accounts suffer cyber-attacks.
Statistics show that “over 92% of all malwares is delivered by email” so it is important for the training to remind people to think twice before clicking an attachment in an email, and to double check the email’s source – these simple attacks can prevent many headaches due to cyber-attacks.