It’s a fact that phishing is one of the main cyber security risks for businesses of any size. It’s the most common way a business can become compromised.
It’s also a fact that, despite the growing threat, many of the businesses we talk to don’t have a plan in place to mitigate that risk or regularly test that it works.
We asked our IT Infrastructure Manager, Paul Fothergill, for some straightforward advice on the matter. Paul outlines 3 simple steps to ensure that baseline cyber protection is adopted in your business.
1. Plan
Implement a cybersecurity plan and procedure document. Do your employees know what to do, or who to contact, if they encounter something suspicious? What do they do if they click on a link that they feel may have been compromised? A simple document to signpost your users to the right person in an emergency is invaluable. It’s also an important first step in making your employees understand that their actions can have consequences.
2. Teach
Paul advises that you build your cybersecurity strategy around the education of your employees. He can’t stress this enough!
Almost every employee has email and Internet access and unfortunately, they account for almost 90% of the breaches seen today. Modern firewall technology is adept at countering threats and blocking hackers, but your employees are far less protected. Hackers will always take the easy route. A compromised link in a phishing email can trick your employees into doing all the hard work for the hacker. The answer? Build short, online cyber training sessions into your employee training policy. It will ensure that your employees develop safe practices and have the knowledge they need to beat the hackers.
3. Test
Just like your regular company fire drill, all the best safety plans need to be tested. Simulated phishing emails are a great way to check that learning has been absorbed. The test results allow your business to implement further employee training where necessary. This activity will deliver the constant learning loop that every business needs to deal with ever-changing cyber threats.
How we can help
Increasingly, we are asked by our partners and customers to help develop a roadmap for their IT services, to gradually move their business to a position that approaches industry best practice. Delivering cyber assessment, security planning, employee training and testing is an important part of that process.
Cybersecurity can seem daunting, but the first major step is to recognise that it’s just another day-to-day business risk. You just need a plan and a process to deal with it. Our team can help your business take those first steps to bring cyber security risks under control.
Get in touch with us via hello@nte.works for more information and support.