In 2022 the UK Information Commissioners Office (ICO) decreed all employees must be given cyber awareness training before being given access to any data. The ICO’s statement also included a recommendation that training be made an ongoing priority for all businesses.
Given how cyber attacks in Scotland more than doubled last year to a record high, cyber resilience must be a top priority for every organisation.
Here are a few practical ways to keep cyber defences strong and security at the forefront of all your employees’ minds.
Embed security in the staff induction process
The simplest way to help employees understand cyber security from the outset is to include it in their induction.
A group of ethical hackers at the Scottish Business Resilience Centre (SBRC) recently developed a basic training guide for employees, and it’s an ideal way to get the key messages across to new starts, as soon as they enter the door.
The guide is free and available through the CyberScotland portal. It includes easy-to-understand explanations of common cyber attacks and tips to avoid falling victim. Providing it to all staff members will also help organisations comply with the ICO’s recommendations.
Strengthen passwords
Some of the most commonly used passwords simply follow standard keyboard sequences, such as ‘12345’. While using them makes it easier to avoid getting locked out of your systems, it also makes it easier for hackers to break in.
The National Cyber Security Centre (NCSC) recommends using three random words, such as ‘RowBoatMerrily,’ which are long enough to deter hackers but easy for users to remember.
Perhaps more importantly, employees should use a distinct password for every account: if a hacker gains access, they will use the same password to try to break into any other account associated with the same email address.
Alongside this, two-factor authentication should be activated. This will provide an additional level of security, ensuring only the right person can gain access.
Keep systems up to date and backed up
Too many people ignore prompts to update: approximately one in three people don’t install them in part because they’re concerned it will pause their work and lead to a loss of productivity.
These updates aren’t just about introducing new features; they often include ways to close any vulnerabilities, including new security patches, which are vital for preventing hackers from gaining access.
Remind all staff to install updates as soon as they’re prompted, to ensure the most up-to-date security measures.
Regularly backing up data is also critically important. Backups don’t just protect you in the case of a virus or ransomware attack; they’re protection against hardware failures, power loss, and human error.
Ongoing training and exercising
Cyber security is constantly evolving, and all organisations should consider investing in training courses to keep staff informed.
NCSC’s free ‘Exercise in a Box’ tool, for instance, was developed to help organisations practice their response to a cyber attack and test their cyber resilience. Organisations of all sizes, across all sectors, benefit from regular cyber testing.
Cyber exercises like this bring different departments of the organisation together and help show cyber shouldn’t be left to the IT department alone. Everyone has their part to play.
Put cyber security front and centre
Having employees who understand and implement the basics of cyber can help them spot and prevent successful attacks. It can help them react quickly and even help respond to an attack.
Don’t make cyber a tick box exercise for your organisation. Cyber attacks are on the rise, and every company must be prepared, right across the board.
These simple tips are an easy way to make cyber security part of your organisation’s culture.
