Cybersecurity Training – Cybersecurity

Top 10 Cybersecurity Awareness Pointers

Despite the best efforts of cybersecurity managers and IT departments, the wave of online attacks affecting the country shows no signs of slowing down.

As the risk of data loss and potentially becoming a victim of ransom intensifies, staff training is non-negotiable in 2024 and beyond.

Whether you have an existing cybersecurity training system in place or are still strategising, our list of the top 10 priorities for cybersecurity awareness will help you focus on the issues that deliver maximal security gains.

1. Phishing

The mainstay of online criminals remains the phishing attack, and the reason is simple: users still fall for it. Staff training that focuses on analysing suspicious emails and not acting on them until management has approved the action will go a long way towards mitigating the damage that can be caused by fictitious communications claiming to be from banks or clients.

2. Passwords

We’ve written several articles in the past imploring companies to set up strong passwords and make use of password management systems. Unfortunately, many businesses still use weak passwords and codes which can easily be guessed. If you’re looking for a cheap, simple, and instant way to improve your cybersecurity, strong passwords are almost certainly it.

3. Removables

USB sticks and removable hard drives may be less common in the age of cloud computing, but many businesses still use them. Limiting the number of important files you keep on removable storage, password protecting and encrypting them, and deleting them on a regular basis are all important skills that all employees should be trained in.

4. Mobile devices 

The smartphones and tablets that we all use every day contain some of our most valuable business and personal information – especially with the advent of smart wallets. But if they fall into the wrong hands, they can give criminals access to a company’s entire financial resources. Password protection and multi-factor authentication are no longer simply nice-to-haves when it comes to mobile devices. It’s absolutely crucial that employees are made aware of the necessity to safeguard their mobile devices.

5. Physical Cybersecurity 

Keeping your files safe in the cloud and following cybersecurity best practices doesn’t mean much if your login credentials are still being written on sticky notes and left lying around the office. The physical aspect of cybersecurity, especially for businesses that transact with cryptocurrency and have login credentials related to their crypto wallets on paper, should be emphasised very strongly when training staff members.

6. Public Wi-Fi

When travelling on business, it’s always useful to have access to public Wi-Fi, but this facility can be a double-edged sword, especially when it’s not safe from hackers and viruses. Familiarising yourself with best practices when using public Wi-Fi and discouraging your staff from connecting to it using work devices unless they’re convinced that it’s 100% safe are both good strategies.

7. Cloud Storage 

When it comes to data security, almost safe is never good enough. The only way to be truly certain that your data is safe is to have it encrypted in the cloud using immutable storage. That’s exactly what our range of secure cloud storage packages for business will give you.

8. Social media

Social media networks have become a part of our daily existence. Unfortunately, they’ve also become a prime way for cybercriminals to gain our trust and perpetrate identity theft and fraud. Staff members should be well-versed in using Facebook, LinkedIn, IG, and other social media platforms responsibly, and look out for signs of fraudulent or criminal activity when they interact with other users.

9. Remote work 

If your staff work remotely part of the time or all of the time, chances are good that they’re exposing both themselves and your business to unnecessary risks online. Every device that contains information related to your business, as well as the people who use it, needs to be operating at the highest level of cybersecurity.

Ensuring that your workers’ devices have the latest versions of firewalls, antivirus, and secure cloud storage installed, and that they know how to use devices responsibly and not allow unauthorised access by other people when working remotely, will help keep your business safe.

10. Social engineering attacks 

Impersonation attacks, social engineering, and other fraudulent tricks used by cybercriminals to gain access to your business information are on the rise. Your employees need to be primed to identify suspicious communications and trained not to execute any requests before they’ve been vetted and approved.

Keep your data safe with cloud storage

The dangers of doing business online may be increasing, but so are the opportunities to keep your data safe. 

Our range of secure cloud storage packages for businesses of all sizes will give you peace of mind as you and your team use the internet to grow your enterprise. Visit our product page today to get started.

Cybersecurity Training – A Corporate Responsibility

Meeting your corporate cybersecurity training obligations

The cybersecurity threat landscape is becoming more perilous in 2024 as the rise of AI adds a further risk dimension.

Companies are both ethically and legally required to act in order to prevent cyberattacks. While creating a safe online ecosystem for business to take place is a noble aim, the POPI Act compels businesses to take concrete measures to protect sensitive business and client data.

Failure to comply with the POPI Act could result in fines of up to R10 million and possible jail time, making it even more crucial to train your staff comprehensively. 

In this article, we look at the need for proactive cybersecurity training and what aspects your business should focus on.

The new threat of AI 

The availability of generative AI means that language models are potentially being used to create extremely convincing phishing emails and other fraudulent documents. These may be indistinguishable from a credible internal communication or message from a client, increasing the likelihood of cyberattacks hitting their mark: overly trusting employees.

Data from the South African Banking Risk Information Centre shows cyberattacks in South Africa up by 22% in 2023. 

Of particular concern are the phishing and ransomware crimes, with the number of victims who made ransomware payments having risen by 20% in 2023 alone. 

To avoid a situation where unsuspecting employees are implicated in cyberattacks and face severe consequences, including dismissal and possibly criminal action, companies need to ensure that their teams are well trained in all aspects of cyberthreat awareness and risk management.

In general, many attacks tend to take place not because employees were in cahoots with cybercriminals, but simply because they were fooled by them.

Preventing this type of incident may not be easy, but companies that can identify the most common online security mistakes made by their staff have a better chance of correcting them through positive training.

With new employees, this type of training should take place during the onboarding process, with existing staff regularly upskilled so that all teams have up-to-date cybersecurity awareness and are fully prepared to handle sensitive data with the utmost caution.

Critical training focus for enhanced cybersecurity

Weak passwords 

  • Choosing a password that you can remember is important, but some employees still opt for the trusty old “12345” or “password”, which are incredibly easy for cybercriminals to guess.
  • Additionally, others may choose a strong password but render it useless by writing it down on a sticky note displayed in the office. This could easily come to the attention of the wrong person and result in a data breach. 
  • Staff members should choose long passwords with a mix of numbers, letters, and symbols, and secure their devices using two-factor authentication whenever possible.

Sharing passwords

  • Employees who use the same computer or device may end up sharing a login password out of necessity. 
  • A clear solution for this problem is to issue each employee with their own device or let them bring their own. 
  • If they do share a computer, it’s essential for each user to have individual logins with credentials that only they know. 

Unauthorised users accessing work devices

  • Employees may think it’s harmless to take the company laptop home and let their children use it to write school reports or browse the internet, but if the device becomes subject to a cyberattack, the unauthorised user could get the employee in serious hot water.
  • Separating work and play devices is essential not only to protect company data but also to prevent family members from being implicated in a cybercrime. 

Don’t forget to cover the cybersecurity basics for peace of mind 

Failing to update security software, running outdated firewalls, and relying on physical storage alone are some other ways that staff members could unknowingly open the door to cybercrime.

Soteria’s range of secure backup solutions takes the guesswork out of keeping your files safe in the cloud. Learn more about our packages for businesses of all sizes by visiting our website today.