People are the potential weak links in the fight against cybercrime, but with effort businesses and employees can work together to protect themselves and their organisations, according to Palo Alto Networks.
According to the company, it takes just one unwary employee to share their password or plug in an unauthorised device to put a company at risk - and compromise their entire network. As such, it is crucial for businesses and employees alike to stay smart online.
“Employees don't usually want to harm the business they work for but it's human nature to make mistakes, or to misunderstand the level of risk. Businesses need to educate employees and ensure they're taking simple steps to stay smart online,” comments Palo Alto Networks regional vice president ANZ, Ian Raper.
Here are three key areas in which risk can be introduced to an organisation:
1. Employees working from home or remotely
In many cases an employee's home network is nowhere near as secure as the corporate network, creating a vulnerability that hackers can exploit. This can be particularly lucrative if the employee accesses sensitive or commercially-valuable information from home. So businesses must:
- protect remote devices by implementing security software and installing the latest versions of applications and security patches immediately. Mobile devices should be remotely wipeable in case they fall into the wrong hands
- require employees to use strong passwords and two-factor authentication
- prohibit employees from storing information on their personal desktop
- use a virtual private network (VPN) to protect traffic and prevent tampering with data.
2. Credential theft and phishing
Hackers still steal people's passwords and credentials because it remains one of the fastest and most effective ways to gain access to networks. There are three key components to blocking phishing attacks:
- educating employees so they understand what a phishing attack looks like and what to do if they suspect they are being targeted
- creating processes that reduce the chances of employee errors resulting in credential-based attacks. This can include measures such as flagging phishing attempts, resetting passwords, automatically blocking suspect sites and emails, and understanding how sensitive resources can be protected
- implementing technology such as threat intelligence tools to identify and prevent employees from visiting phishing sites.
3. Human error
People will always be the weakest link in the cybersecurity chain but it is possible to reduce the amount of error. This includes:
- incorporating security awareness into the organisational culture through relevant, frequent training (perhaps using gamification to increase engagement)
- moving beyond a compliance-driven approach and showing employees how to protect their personal data, which can then extend to protecting the organisation
- limiting the number of employees with administrative access, which shrinks the risk footprint.
“Too many businesses still focus on threat detection and mitigation when they should be focusing on prevention. By strengthening their employees' awareness of and commitment to cybersecurity, businesses can dramatically reduce the chances of a breach occurring at all,” Raper concludes.