7 tips to keep all your employees aware of cybersecurity

Published on 15/05/2020 in Tech, tips & tricks

All your employees, from the receptionist to the CEO, determine your company’s cybersecurity. How do you make them aware of this? Wouter Vandenbussche, Solution Lead Cybersecurity of Proximus, gives 7 tips.

People easily make mistakes. The employees in a company are the weakest link in cybersecurity. So insider threats often occur. It is essential to protect your company against insider threats, because they are not innocuous: “The most dangerous insider threat? The innocent employee who does things wrong without realizing it,” warns Wouter Vandenbussche.

The average company experiences 9.3 insider threats per month.

Source: medium.com, 2018

1. Hammer your security procedures home

A security procedure will not work if your employees are not familiar with it. For example, far too many employees still do not report that they have received a suspicious email. They simply dump it in the recycle bin. Research shows that more than one third of employees do not know where to go and what to do. The reason? They do not know the procedures. Your first task: to draw attention to the security procedures.

2. Set the right example yourself

A cybersecurity campaign scores significantly better results when your management team takes part actively and involves itself. For example, have the director or CEO give the presentation. Then your employees see that cybersecurity is really important and before long your entire company will take extra care. If a manager clicks on the link in a phishing email, the news goes round immediately and ruins the credibility of your campaign.

3. Invest in microlearnings

Extensive awareness processes are not the way to teach your employees how to deal with security. Organizing small actions a few times a year, such as a poster campaign or a stand in the central area of your building, is far more effective. Mini-training courses keep your employees constantly aware of the security approach. Examples include a letter, a short film lasting just a few minutes on how to recognize a phishing email, or an anti-phishing campaign where you send a phishing email yourself to test your colleagues.

4. Introduce dynamic authentication

Phishing emails often lead to pages that can hardly be distinguished from the login pages of your apps. So password management is very important. It starts with dynamic authentication, for instance via a mobile app. Depending on the place where and the device on which the employee logs in, you can determine whether extra authentication is necessary. It is very easy to set up and significantly limits the risk.

Organize small cybersecurity moments and actions several times a year. That’s far more effective than one major campaign.

Wouter Vandenbussche, Solution Lead Cybersecurity of Proximus

5. Grant access to all apps via a central platform

Making your employees change their passwords every month does not make much sense. Most of them will simply add another number at the end every time. Giving every app a different password is strongly discouraged, too. The best practice is to use a central platform for authentication. That way, every employee has one company identity that can be used for every company app. You can then increase the protection of this identity, as explained in tip 4.

6. Avoid private use of the company laptop

The increase in remote working or teleworking means that employees take company data or company devices out of the office with them. Smartphones or laptops outside the office are also very vulnerable. Employees need to take care not to leak sensitive information on social media or open phishing emails on their company device.

7. Foster alertness to suspicious behavior

Cybersecurity is about more than just phishing. Criminal organizations of hackers also send spies to companies. So train your employees to be alert. All too often, doors are held open for someone without a badge, or badges are given to visitors, leaving the way clear for data to be stolen. If someone is walking around a secured area without a visible badge, your employees must identify this person quickly.
