Reliance on technology during the pandemic has made all businesses and organisations more vulnerable to many forms of cybercrime. With some or all employees working from home, the danger of system breaches has become a concern for everyone. The recent HSE cyber-attack is a stark example of the implications if such a breach happens in your organisation. In light of the attack, supportIT has put together some information to help organisations put procedures and tools in place to address security.
supportIT provide straightforward cyber security advice and related services. If you have concerns or need advice about cybercrime, please talk to us today to get a detailed security audit for your organisation.
1. Security Awareness Training
70% of Not-for-Profit users report a lack of security awareness training in their organisation:
- At inductions, outline the security measures the organisation has in place and explain their importance. Users often don’t like waiting for machine updates or using two-factor authentication, but if they understand why these measures are in use, they are more likely to build them into their own IT practices.
- There are many security awareness training videos available (check out Webroot on the BrightTalk Channel). Build one or two of those into your HR inductions to highlight the importance of good security practices.
- If a potential scam email comes into the organisation, highlight it so staff know what to look out for.
2. Defined Reporting Processes
Have a defined process for reporting potential scams:
- If a user receives a potential scam email and doesn’t click on anything within the email, they should still report it to their IT provider.
- If a user has clicked on anything within the email, such as a link or a PDF, they should immediately unplug their machine from the network and log the issue with their IT provider.
- If the user is working from home, they should still report the issue immediately because the virus could potentially infect the network the next time the machine is in the office.
- Finance Departments should also have a strict process for validating bank details. These should be verified by phone before bank details are changed on the system.
3. Update Security Policies
Develop clear policies and procedures around passwords, BYOD (Bring Your Own Devices) and Internet/Email usage.
4. Update Employment Contracts
Introduce a non-compliance clause into your HR documentation so that staff know the implications of not adhering to good IT security practices.
5. Appoint a Security Champion
Organisations must have a security champion internally, particularly those without an IT provider. This person should share security trends and threats and ensure management are following good security practices.
6. Additional Security Tools
There is a myriad of free-to-use and paid-for cybersecurity tools available to help protect your organisation:
- Multi-factor or two-factor authentication should be enabled across all applications.
- Webroot Anti-Virus – award-winning anti-virus with built-in ransomware protection.
- Webroot Security Awareness Training – simulated phishing attempts to highlight potential scams.
- End-Point Protection Tools – if your organisation has end-point protection in place through its IT provider, additional add-ons for ransomware protection can be enabled.
- Advanced Email Security – Google and Office 365 have built-in advanced email protection tools that can be enabled.
- Data Loss Protection – this can be enabled through Office 365 or Google.
- Enable Encryption – if a laptop with encryption enabled falls into the wrong hands, your data is protected.