How Organizations Can Stay Protected Online
As high-profile cyberattacks threaten data security, here’s what you need to do to guard against them.
- By Kelvin Coleman
- August 23, 2021
A recent data breach at the University of Massachusetts Lowell caused classes to be cancelled for three days. This is only one example of the many high-profile cyber attacks we have seen in recent months. Lost business costs accounted for about 40 percent of the average total cost of a data breach in 2020, or $1.5 million -- increasing from $1.4 million in 2019, according to IBM Security’s 2020 Cost of a Data Breach Report.
Although scary, these attacks have also proven the importance of online security and have amplified the conversation about what organizations can do to protect themselves and how to mitigate damage during a breach. So, how can organizations prioritize safety at this time when it’s more necessary than ever?
Educate Employees to Avoid and React to Cyber Attacks
Education is arguably the single most important way for organizations to protect their employees and themselves. Invest in company sessions to explain common fraud schemes such as phishing, malware, and robocalls. Host (possibly mandatory) training sessions for employees -- you can also make it part of new employee orientation. Don’t be afraid to make your training interactive by creating games or adding incentives for attendance.
Employees should be trained to be mindful of the information available to them, and aware that there are bad actors who will use whatever information they secure for malicious purposes. The more employees know, the less likely they are to expose themselves and the company to breaches.
Instruct Employees to Secure Devices with Sensitive Data
Scammers certainly noticed the increase in technology use as global lockdowns began. In fact, phishing attacks increased 350 percent during the first month of the COVID-19 lockdown. Because so much information is stored on employees’ laptops and other personal devices, it’s important to preemptively protect this hardware (and your organization).
Start by sending a memo to all employees at your organization, outlining clear steps for online safety. Then, take a look at who has access to what information. Essential information and important tools should be made available only to the employees who need them.
For those with access, the first step to maximize security is to make sure all employee passwords are strong. Consider setting up a password manager to help employees store their login credentials.
Additionally, employees should be wary of public Wi-Fi because it can be easily spoofed. It’s much better to turn to a hotspot or VPN instead. Remember that any employee, no matter their role or department, can be a target. Remind your employees of the role they play in protecting your organization’s information, and the importance of always paying attention. If something looks suspicious, it is probably malicious.
Take Extra Precautions for Employees Working from Home
Ideally, remote work Internet activity should be conducted from a company laptop or desktop. If this is an option for your organization, make sure it’s updated with anti-virus software and other safety measures before sending it out to employees. Send instructions to employees on how to connect to a VPN and set up two-factor authentication. If a work computer is not an option, a good way for employees to differentiate between work and personal browsing is to set up a dedicated work-only network -- if your organization offers this, even better.
If this is not an option, tell employees to change their router’s name, access password, and admin password. It’s also a good idea for them to activate the network encryption and even change the IP address. Taking the extra minute to make these simple changes may save time and aggravation in the long run for employees, and ultimately the organization.
Once you have these precautions in place, make sure to keep tabs on them. Be sure employees regularly run anti-malware software on all business computers, and make sure the anti-malware software is up to date. By taking these steps, you are doing your part to keep your employees and organization as safe as possible during the new normal.
Kelvin Coleman is executive director at the National Cyber Security Alliance (NCSA) where he is responsible for leading organizational growth; facilitating strategic partnerships and alliances with government, industry, and non-profits; and acting as NCSA’s primary spokesperson. He has two decades of experience in high-stakes cybersecurity posts at the White House, the U.S. Department of Homeland Security (DHS), and the private sector. During his career, he has conducted cybersecurity awareness tours in 49 states, briefing tech giants, local store owners, and politicians alike, including 35 governors. He is recognized for his work forging partnerships between the public and private sectors -- developing cybersecurity policy and products, improving national and local cyber-threat awareness and readiness, and establishing guidelines for workforce cybersecurity safety.