Since the technology to combat cybercriminals has become more advanced and sophisticated, people have become the potential weak link in the fight against cybercrime. Keeping organisations and individuals safe depends on people understanding the risks and protecting themselves. For example, it takes just one unwary employee to divulge their password or plug in an unauthorised device for them to fall victim to a cyberattack. This could also compromise the entire network of the business they work for, or put their own personal home network at risk. Consequently, it’s crucial for people and businesses alike to stay smart online, according to Palo Alto Networks.
Palo Alto Networks is supporting the government’s Stay Smart Online Week 2017, which runs from 9 to 13 October. The theme is Simple steps to online safety, with a focus on five key areas: privacy of your personal information; strong passwords; software updates; backing up important information; and avoiding online scams.
Cybercrime is on the rise; it’s estimated to cost Australians more than $1 billion per year, with around 43 per cent of cyberattacks targeting small businesses. (1)
Ian Raper, regional vice president, ANZ, Palo Alto Networks, said, “Employees don’t usually want to harm the business they work for but it’s human nature to make mistakes, or to misunderstand the level of risk. Businesses need to educate employees and ensure they’re taking simple steps to stay smart online.”
There are three key factors that can introduce risk into the organisation. Palo Alto Networks has also identified some ways to combat those factors:
1. Employees working from home or remotely
In many cases, an employee’s home network is nowhere near as secure as the corporate network, creating a vulnerability that hackers can exploit. This can be particularly lucrative if the employee accesses sensitive or commercially valuable information from home. So businesses must:
- protect remote devices by implementing security software and installing the latest versions of applications and security patches immediately. Mobile devices should be remotely wipeable in case they fall into the wrong hands
- require employees to use strong passwords and two-factor authentication
- prohibit employees from storing information on their personal desktop
- use a virtual private network (VPN) to protect traffic and prevent tampering with data.
2. Credential theft and phishing
Hackers still steal people’s passwords and credentials because it remains one of the fastest and most effective ways to gain access to networks. There are three key components to blocking phishing attacks:
- educating employees so they understand what a phishing attack looks like and what to do if they suspect they are being targeted
- creating processes that reduce the chances of employee errors resulting in credential-based attacks. This can include measures such as flagging phishing attempts, resetting passwords, automatically blocking suspect sites and emails, and understanding how sensitive resources can be protected
- implementing technology such as threat intelligence tools to identify phishing sites and prevent employees from visiting them.
3. Human error
People will always be the weakest link in the cybersecurity chain, but it is possible to reduce the number of errors. This includes:
- incorporating security awareness into the organisational culture through relevant, frequent training (perhaps using gamification to increase engagement)
- moving beyond a compliance-driven approach and showing employees how to protect their personal data, which can then extend to protecting the organisation
- limiting the number of employees with administrative access, which shrinks the risk footprint.
Ian Raper said, “Too many businesses still focus on threat detection and mitigation when they should be focusing on prevention. By strengthening their employees’ awareness of and commitment to cybersecurity, businesses can dramatically reduce the chances of a breach occurring at all.”
The Stay Smart Online Alert Service is a free service that explains recent online threats and how to manage them. Businesses and individuals can sign up to the service at staysmartonline.gov.au or follow Stay Smart Online on Facebook.