In recent posts on basic steps in making your organisation more secure, we talked about the importance of fostering a culture of security within your organisation. There are measures you can take right now to help protect yourself against data breaches and network invasions, even before looking at sophisticated software and cyber security courses, to keep security front of mind for your colleagues and staff, and to ensure everyone is doing his or her bit to ring-fence your network. We spoke to cyber security insurance expert Alniz Popat, founder and CEO of Middle East-based Lifecare for his top tips:
• Teach staff about the threats from unsecured networks
One approach, says Alniz, is to ban employees from using their personal devices to access work sites. But, he points out, this is likely to cause resentment as it seems draconian, and is ultimately doomed to failure. Human nature being what it is, staff will grow tired of having the hassle of switching between devices and will end up using personal devices to access the work network, “regardless of policies”, he says.
A better solution, he says, is to teach colleagues about the dangers of using unsecured networks to access work sites. Home networks, for instance, are usually secure (and password-protected), whereas free wi-fi hotspots such as those found in “coffee shops, hotels and airports” often are not. A simple rule of thumb is to check whether the network requires a password to access it. If it doesn’t, then don’t do it!
• Avoid unsecured websites
By the same token, when on a work device, teach staff not to access unsecured sites (those without a green padlock in most browsers), at least, don’t enter any data into them – this, says Alniz, “can give cyber criminals direct access to sensitive data that is stored on that device, as well as browser histories and passwords”.
• Avoid password sharing
Educate staff about the risks and lead by example, Alniz says. Do not encourage staff to allow visitors, temporary workers, guests or contractors to log on to your network by using someone else’s password. Speak to your IT department to ensure that whenever the need arises, they can issue a temporary password.
• Keep network admins to a minimum
Restricting IT admin rights to your network to only those who absolutely need them is good practice – as Alniz says, “employees cannot give away information they don’t have access to”.
• Remember the power of education
Cyber security courses for staff can be a great help in ensuring that colleagues and employees are wholly aware of the importance of precautionary measures to ensure that your network is not vulnerable to attack.