With IT security training, your employees can provide an important line of defence against cybercrime. Here are six tips to help make that training more effective.
Cybercriminals like to target the weakest link in companies' security defences — and that link is often the employees. Your employees can provide an important line of defence against cybercrime if you educate them about IT security. For training to be effective, it needs to be engaging and well planned.
Here are six tips that can help you deliver IT security training that employees will remember:
1. Educate in Small Chunks
If you bombard employees with a lot of information all at once, they probably won't remember most of it. A much more effective way to get people to retain information is to provide ongoing training in small chunks. For instance, you might cover phishing emails by presenting a certain amount of material each week. Your staff will be better able to digest the information as well as fit the training into their work schedules.
2. Make the Training Personal
With cyberattacks being so rampant, your employees are likely concerned about protecting their personal smartphones, tablets, and other computing devices. A good way to get them interested in your business's security measures is to start by discussing how they can secure their personal devices. Once employees learn good security habits at home, they will be more likely to practise them at work.
3. Make the Training Hands-On
Think back to your school or college classes. Did you learn more in the courses in which the teacher lectured in front of the class or the ones in which you actively participated in activities? Having hands-on activities will help hold your employees' attention during the training session as well as help them remember the information afterward. The activities do not have to be elaborate. For example, you could present employees with copies of emails and have them pick out the ones that are phishing scams.
4. Include Everyone in the Training
It is important that all your employees using the computer system receive basic security training. Hackers like to target managers because they tend to have access to more sensitive and valuable information. Keep in mind that some employees may need additional instruction that takes into account specific tasks related to their position.
5. Regularly Test Employees' Security Knowledge
After employees have completed a training session, you may want to test what they have learned. For instance, if you recently covered how to spot phishing attacks, you may want to send out a fake phishing email with a suspicious link that, if clicked, leads to a safe web page containing the message "IT security training phishing exercise". The test can reinforce what employees have learned as well as help you determine the effectiveness of the training. Afterward, you should follow up with employees, especially those that clicked the link. You do not need to embarrass or scold employees during this discussion. Instead, you can provide additional education and resources as well as answer any questions they may have.
6. Keep in Mind That Training Has Its Limitations
No matter how good your IT security training program is, there is still a chance your business will fall victim to a cyberattack, including the risk of insider threats. For these reasons, you need to implement other security measures, such as installing anti-malware software and keeping your systems and applications updated.
The main delivery method for ransomware is through phishing and spear phishing emails. Learn how taking a simple action can help protect against ransomware attacks.
The number of ransomware attacks against businesses skyrocketed in 2016, and security researchers do not expect a slowdown anytime soon. They are also predicting that ransomware attacks will become more sophisticated. What won't be changing, though, is the delivery method. Cybercriminals will continue to spread ransomware primarily through phishing and spear phishing emails, according to PhishLabs' "2017 Phishing Trends & Intelligence Report".
In phishing and spear phishing emails, hackers masquerade as reputable individuals or legitimate organisations in order to carry out their attacks. Phishing emails are typically generic and sent out to the masses, whereas spear phishing emails are personalised and sent to specific individuals. In both types of emails, cybercriminals use a convincing pretence to lure the recipients into performing an action. Often, the hackers want the recipients to click a link that will send them to a malicious website.
A simple but effective way to combat ransomware and other types of cyberattacks initiated through phishing and spear phishing emails is to have your employees check links before clicking them. A deceptive link is one in which the actual URL does not match the displayed linked text or web address. For example, the displayed text might specify a legitimate organisation's name ("PayPal") or web address ("https://www.paypal.com"), but the actual URL leads to a malicious website. Employees can check a link's actual URL by hovering their pointer over the link (without clicking it). The actual URL will appear in the lower corner of the web browser or near the pointer, depending on the email client.
Employees should get in the habit of checking every email link they want to click, even if the message appears to be from someone they know. If a URL seems suspicious (e.g. the displayed web address does not match the actual URL), they should not click it.
When discussing the importance of checking links before clicking them, you should provide examples of suspicious links so employees know what to look for. It also helps to include examples of legitimate links that they might encounter in their jobs.
Wireless networks are both convenient and flexible. However, if they are not properly secured, they can make your company more vulnerable to outside threats. Here are eleven ways to lock down your business's wireless network.
Wireless networks are popular in small and midsized businesses because they are easy to set up and convenient to use. However, if a wireless network is not properly secured, hackers within range can access it and infiltrate your network.
Here are eleven ways you can lock down your business's wireless network and keep hackers at bay:
1. Use a Strong Password for Your Wireless Router's Administrator Account
Many wireless routers ship with a default password for the administrator account. It is important that you change the default password to a strong one that is at least eight characters long. The password should include uppercase and lowercase letters as well as numbers (but not in a predictable pattern). When possible, you should also include special characters, such as percent signs and asterisks.
2. Change Your Wireless Router's SSID
A wireless network's name is called a service set identifier (SSID). Many vendors ship their wireless routers with the same default SSID. Keeping the default SSID might signal to a hacker that your wireless network is not properly configured and is vulnerable to attack, so you should change your network's SSID to a unique name.
3. Make Sure Your Wireless Router's Firewall Is Enabled
Most wireless routers have built-in firewalls, but sometimes they ship with the firewall turned off. While you are checking the firewall settings, it is a good time to also check the other security settings on your router. Your IT service provider can help you determine whether your firewall is properly configured.
4. Use WPA2 for Wireless Communications
Every wireless router offers encryption. Encryption scrambles your data and makes it unreadable, except by the recipient. Three common encryption protocols are Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), and Wi-Fi Protected Access 2 (WPA2). Using WPA2 is best as it employs the hardest-to-crack encryption algorithm. If you have an older router that does not support WPA2, you can use WPA. Do not use WEP as it is outdated and easily hacked.
5. Disable WPS If You Are Using a Consumer-Grade Wireless Router
It is not uncommon for businesses to use consumer-grade wireless routers. These routers often include Wi-Fi Protected Setup (WPS), which provides a user-friendly front-end for encryption protocols such as WPA2. With WPS, users can connect a device to a wireless network by simply pushing a button or entering a personal identification number. Hackers can exploit a vulnerability in WPS to gain access to wireless networks, so if your wireless router supports WPS, disable it.
6. Disable Your Wireless Router's Remote Management Feature
Many wireless routers have a feature that lets you manage them from a remote location. Unfortunately, this feature often leaves routers susceptible to attacks, so you should disable remote management if you do not need it.
7. Make Sure Wi-Fi Sense's Network-Sharing Functionality Is Disabled on Windows 10 Devices
Windows 10 and Windows 10 Mobile include a feature called Wi-Fi Sense. Besides helping users find open Wi-Fi hotspots, this feature lets them share their Wi-Fi networks without sharing those networks' passwords. Users can share their Wi-Fi networks with their contacts from Facebook, Skype, and Outlook.com. However, users cannot specify individuals within a group (e.g. within Facebook): the network is shared with all the contacts in that group.
Although the contacts can only use the network to get online, you might not want your employees sharing your business's wireless network. If that is the case, you need to make sure Wi-Fi Sense's network-sharing functionality is disabled on your Windows 10 and Windows 10 Mobile devices.
8. Consider Using MAC Address Filtering
Each device that is able to connect to a Wi-Fi network has a unique ID called a Media Access Control (MAC) address. You can configure your wireless router to check the MAC addresses of devices trying to connect to it, allowing connections only from the devices it recognises. Admittedly, it takes time and effort to enter the MAC addresses of all the devices allowed to access your wireless network, but your network will be more secure.
9. Keep the Wireless Router's Firmware Updated
Every wireless router has firmware. Firmware is software that gives the device its functionality. Like any other type of software, firmware sometimes has bugs or security vulnerabilities. When you keep your wireless router's firmware updated, known bugs and vulnerabilities are fixed, making your router more secure.
10. Log Out of the Wireless Router's User Interface
Most wireless routers have a browser-based user interface used to configure router settings. If you leave this interface open and someone gets access to your computer, your router is vulnerable, so best practice is to always log out when you have finished configuring the router.
11. Protect the Computers That Access Your Wireless Network
Despite your best efforts, hackers may still infiltrate your wireless network. For this reason, you need to use security software (anti-virus/anti-malware) on all the computers that access your wireless network. In addition, you need to keep those computers' operating systems and applications updated so that known bugs and security vulnerabilities are patched.