Every worker in the company has a part to play in pulling together to combat potential cyberattacks. Vigilance must extend well beyond the IT department, as employees themselves constitute a first-line defense in a firmwide effort to ward off breaches.
The criminals’ hunt continues for customer information, financial records, trade secrets and intellectual property data. As companies are forced to defend wider network perimeters, hackers and bad guys keep evolving their tactics in an unrelenting cat-and-mouse game.
Be armed with the full arsenal
A chain is only as strong as its weakest link. It is up to managers and supervisors to take responsibility for enforcing security protocols. When internet use became widespread in the late 1980s, a set of commonsense security rules were developed. The same principles still apply; however, today’s technologies are more sophisticated.
Just as in olden days, ironclad rules require locking up such devices as laptops and cellphones with a unique password. Whereas in 1990 you may have gotten away with a ‘’weak’’ password, contemporary users are prompted to choose more jumbled combinations of letters and numbers — which are more difficult to break — and to change them regularly.
Next to arrive was multifactor authentication. In order to prove you are you, you must supply several distinct pieces of evidence. Some systems rely on biometric scanners — recognizing a hand or face — combined with a PIN or passcode. Typical examples would be a badge you might wear around your neck, your unique fingerprint or palm print, or a private password.
Then came virtual private networks, or VPNs, which became widely adopted as Wi-Fi took off. VPNs create a safe, encrypted tunnel across the internet and can be indispensable to employees for use outside their office network. Otherwise, bad actors can sneak in through public channels.
Almost all companies now rely on basic antivirus software, firewalls and intrusion detection systems, and most maintain detailed plans in preparation for breaches. Make sure to keep all these safeguards updated automatically and stay current with the latest technologies. Especially in smaller firms, managers should keep an eye on the latest blogs and podcasts rather than just depending on the wizards in IT. At the same time, management must support ongoing training programs for their teams. Artificial intelligence is the most recent chapter, so it helps to prepare employees for a new onslaught of emerging AI threats.
The best laid plans of mice and men
You need an explicit policy manual that spells out cyber risks and how to address them. It should be documented and distributed among all teams.
Despite all these procedures, human failures and unforced errors expose the workplace to half of all cyberattacks. According to a 2022 Gartner survey, 69% of respondents admitted to having bypassed security guidance during the previous year. Why would so many have disregarded the rules?
It may come down to neutralization techniques, which are attempts to rationalize the damage they may be causing. The notion was developed by criminologists in the 1950s to explain how offenders overcome their guilt. For instance, employees might contend that their behavior is harmless — even if forbidden — or that it is beyond their control. Perhaps they justify skirting the rules by countering that they are following work demands out of necessity or accommodating a manager. Some might believe their overall good performance cancels out the odd lapse in cyber safety.
Ten commandments
These straightforward guidelines can help you evade cyber mischief.
- Do not download unknown attachments, which often include phishing.
- Take inventory, tracking all hardware and software assets in your organization.
- Watch for faulty grammar, misspelling and illegitimate vendor addresses. Ignore urgency traps.
- Do not use unapproved Software as a Service tools.
- Keep software systems updated. Back up data.
- Report cyber incidents immediately.
- If you post on social media, check any images for sensitive information.
- Control physical access to easy targets like laptops.
- Limit employees’ authority to install software.
- Never leave key information on sticky notes. They may float off anywhere.
