Eurolink Blog

23 Jun

BLOG SERIES: Your guide to digital safety part two

In our series on digital safety, we're exploring all the top tips to help you stay safe online. One of the biggest potential weaknesses in your cybersecurity is your people and their own activities, whenever they have access to corporate files. Here's our guide to supporting your team and shoring up your network from outside influence...

Consider mandating a regular course...

It is easy to assume that your employees have more knowledge than they do because cybersecurity can often just be common sense, right? The problem is that any technical cyber knowledge is often acquired piecemeal, through articles read online for example. This means there may be huge gaps in your employees' knowledge, and one person's knowledge will be different from another's. What's more, the latest technical info changes all the time, and many employees also become savvy at creating workarounds which can void your company-wide policy.

There are some really great courses available online which you can mandate for your employees, but we'd also recommend asking your cybersecurity insurer what they have on offer. Through our insurance, for example, every single one of our employees is given access to monthly cybersecurity update training and it is compulsory that they complete it. It's become an invaluable part of our practices.

Ask for a personal device and user audit, with risk assessment...

There is a lot of debate around whether it is ethical to ask employees to use their personal devices for work, but it is perfectly acceptable to do so at the moment, particularly as people blend their working and home life and often prefer to use just one or two devices. This means your corporate files may be accessed from a personal device, or your employees' personal accounts may be accessed via a work device, blurring the lines between personal and business and increasing potential risk. We've always recommended having a good employee handbook on technology which sets out how, why and when devices can and should be used, and how they should be protected, but it is always better to base these on an understanding of what devices are actually used and how, rather than how we assume people are using them.

Creating a risk assessment template that logs all the key information about their devices, their home network, their operating systems and their practices can provide great insight into where the risk to your corporate data might come from. Knowing, for example, that there are three other users on their home WiFi might prompt you to mandate specific antivirus packages (which you can supply them with a license for) and implement two-factor security to access your corporate files. That way your systems won't be compromised by a virus that enters the household via a streaming service or download, for example.

Having this knowledge will also help you to pinpoint risk and offer relevant advice. For example, many people don't know that their security camera system or Ring doorbell connects to the internet and can be more easily breached than their laptop might be. Making sure they have changed the password from the factory PIN will help, as will setting automatic updates to ensure the system is using the latest software and security.

Provide escalation protocols...

Assuming that they are aware they have been breached, employees will quite often try to manage an issue themselves, long before they will flag it with a manager. They might be embarrassed that they've been caught out, or they could be worried about the consequences of their actions and the impact on their job. Creating a transparent, corporate-wide set of protocols and procedures, which set out how the situation should be handled, who it should be escalated to and how it will affect their role (if at all), not only provides confidence that they will not be at risk but also gives them the confidence to escalate it to the right person. This means it can be handled more quickly and effectively and there will likely be less damage to your systems. Couple this with the mandatory training suggested and you'll help remove the stigma of human error too.

So there you have it. Supporting your teams to be an effective defense is essential to securing your systems. In the meantime, check out all the digital tools to help you stay safe in our part one feature, and keep your eyes peeled for part three, which covers all the bonus tips.