Failure to educate staff on some of the most basic principles of data security can cause big problems for businesses of all sizes.

It’s estimated that up to 92% of malware is delivered to users via email. Considering that the majority of businesses use email to communicate both internally and externally, there’s no end to the list of people who could be affected by malware.

Luckily, the risk of malware and phishing attacks can be kept at a manageable level as long as everyone within a business takes responsibility for the business’s cyber security and everyone understands the basic principles of data security.

Given today’s rapidly growing technology industry, there are always new threats arising from the communication tools we use on a daily basis. However, ensuring that staff are correctly educated on data security means that businesses are able to take control of their cyber security measures in a way that is manageable for everyone.

By educating staff on the ‘do’s’ and ‘don’ts’ of cyber security, you’ll be moving the responsibility for data security from one person or dedicated team to everyone, making the company less susceptible to attacks whilst also reducing workplace stress for those in charge of IT security. This is why training and educating your staff is an important principle of data security.

Best Data Security Practices

This list of best practices is a great stepping-stone for any business looking to take control of its IT and data security. Although some of these may seem like obvious, basic principles of data security, they are all important in helping you keep your data and network protected.

Passwords

The strength of a password is a reflection of its length, complexity and unpredictability. Together, these three factors determine how secure a password is. However, they do not replace the need for other essential security controls to ensure that passwords are not breached.

To ensure that passwords are secure, they should be sufficiently long. It’s worth aiming for between 12 and 14 characters, with a mixture of uppercase and lowercase characters. Adding special characters will also help to strengthen passwords. You should also be mindful of where you store passwords: we do not recommend keeping a book of passwords in your desk drawers. There are a number of online password manager applications designed to keep your company’s passwords safe and secure but accessible for employees.

Email security

Most people are quick to dismiss the need for email security, yet up to 80% of successful cyber attacks involve phishing, a common form of fraud where individuals are asked to reveal personal information such as passwords or credit card details by a message purporting to be from a reputable business.

Email security software can help to reduce the number of phishing scams that reach staff mailboxes. However, it’s also important that the company has relevant policies in place that set out how staff can identify potentially fraudulent emails, as well as what to do when one is discovered. This relates back to our first principle of data security: ensuring your employees are educated in this area.

Again, this method of protecting your business from IT threats means that every individual within a business is responsible for managing their IT security at work.

Attachments

Having strict procedures in place, so that staff understand the safe working practices for opening and sharing email attachments, will help to reduce IT threats and malware.

In order to do this, it’s important to be aware of some of the techniques that are used by attackers and scammers. Unsuspecting victims are often persuaded to open dangerous attachments through social engineering tactics such as:

  • Customised personal message text (such as “Dear John” or “please review the attached”)
  • Forgery (Fraudulent emails sent by someone you appear to know)
  • Threatening (Attackers may use messages like “your account will be closed unless you…”)
  • Making messages look as if they were sent from an official source (“support.t@microsoftc.om”)
  • Making the attachment look harmless (“my_holiday_pictures”)

These are just a small number of the ways that hackers could gain your trust and trick you or a staff member into opening a hazardous attachment in an email or message.
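
The tactics listed above can also be turned into simple automated warning checks. The following Python sketch is an added example, not code from the original article or from Axians C&C; the trusted-domain list, phrase list, risky-extension list and sample message are constructed assumptions that a real deployment would replace with its own policy.

```python
from email.message import EmailMessage
from email.utils import parseaddr

# Illustrative policy values (assumptions, not taken from the article).
TRUSTED_DOMAINS = ("microsoft.com", "example-corp.test")
PRESSURE_PHRASES = ("your account will be closed", "please review the attached")
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".docm")


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def flag_email(msg):
    """Return warning strings for one EmailMessage; an empty list means no flags."""
    flags = []
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if domain not in TRUSTED_DOMAINS:
        # A domain one or two edits away from a trusted one suggests forgery.
        flags += [f"lookalike-sender:{domain}~{good}"
                  for good in TRUSTED_DOMAINS if edit_distance(domain, good) <= 2]
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    flags += [f"pressure-phrase:{p}" for p in PRESSURE_PHRASES if p in text]
    for part in msg.iter_attachments():
        # A harmless-looking name can still carry an executable extension.
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            flags.append(f"risky-attachment:{name}")
    return flags


def build_message(sender, body, attachment_name=None):
    """Build a constructed sample message for the demonstration."""
    msg = EmailMessage()
    msg["From"] = sender
    msg.set_content(body)
    if attachment_name:
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return msg
```

Checks like these only raise a warning for a person to review; they complement staff training and email security software rather than replace them.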

Luckily, taking control of your business’s IT security doesn’t have to be complicated. Axians C&C can help to provide your staff with training, advice and solutions to combat IT security threats at work. Find out more about how you can train staff to take the steps necessary to protect themselves and your business from cyber threats. Get in touch with Axians C&C today.