Training your staff in cybersecurity

Training your staff in cybersecurity

We all understand that cybercriminals have a vested interest in getting into your private company networks and applications. All that IP and private data is worth a pretty penny on the dark web. But are you taking active steps to prevent it? Regularly training your staff in cybersecurity is a basic measure you should put in place if you want to prevent and quickly recover from cyber attacks.

What’s the risk?

In 2021 and 2022, 39% of UK businesses fell victim to a cyber attack. And while that’s lower than the previous 4-year average, it’s likely due to an increased awareness of the need to protect sensitive business data and systems plus more access to preventative training and tools. But the bigger your business is, the more a successful attack will cost you, with the average floor starting at £1,200 per incident and going up to £8k per incident for medium-large businesses. (And that’s happening every year. To nearly half of all UK companies. It adds up.) However, if you just teach your team some cybersecurity basics, either internally or with the help of an expert partner like us, you’ll stave off a lot of the potential breaches.

Cybersecurity basics:

Here are the most basic cybersecurity practices that you should teach your staff:

Physical security

Instruct them to lock their devices and store them securely where they are out of the physical reach of criminals. There’s no need for hacking if your company laptop is left on a train, unlocked and accessible. Or worse, if your login details are in your notebook, written down, in your laptop bag. So, teach your teams to password lock all devices the moment they step away, never write any passwords down and never leave any devices in an unsafe or public place.

Email best practices

Next, teach your teams to never click on links in emails they were not expecting. Tell them to look out for lots of typos, an inflated sense of urgency or a request to do something with credentials or money that’s out of the ordinary. Instead, they should simply flag the email as spam in the email system and alert their IT team.

Good passwords

Then, teach them about good passwords. They should be long – more than 8 characters at least. And they should have numbers and unique characters in them. Stringing random words together is a great idea too. “LipglossTowingGumRocket” is a lot harder for AI to guess than “TomsPW2023!”

Securing mobiles

Also, as we all use mobiles (personal ones) for work more than ever before; it’s important to keep those locked down too. Using a phone lanyard can prevent loss or theft in crowded areas and then you should have a passcode or biometrics enabled too. Install a mobile anti-malware service and only use apps & visit websites that you recognise. Lastly, ensure that you’ve got a Find My Phone service enabled so you can wipe the device remotely if it is lost.

Credential sharing

And finally, never ever ask for or encourage your teams to share credentials. This is a surefire way to build a poor data security company culture. Make sure that all your systems have one licence for each person and don’t share them across a team. This will ensure you can track down the cause of incidents if they do happen.

Want more tips? We’ve done another piece on cybersecurity which goes into downloading and backups too. Or, if you need some support, check out our security monitoring package which can help you identify and respond to these attacks in real-time.