More and more, organizations are adopting—and understandably so—firewall, anti-malware, and antivirus software…
And given the almost daily security incidents, which sometimes make the headlines, it’s easy to understand why.
However, such software is of limited value unless it is combined with a policy to raise staff awareness of security issues and training in password management.
Raise awareness of cybersecurity among teams
You can use the best equipment, the latest software, and the services of the most highly skilled experts, but none of that will matter if you don’t educate your staff:
– best practices for passwords, discussed in the following paragraph.
– new risks (directory fraud, CEO fraud, spear phishing).
– phishing (or "hameçonnage" in French).
After all, no matter what measures you put in place, there’s no way to prevent one of your employees from clicking on a link that launches ransomware on your network.
It is therefore essential to provide regular training to everyone who has access to a computer and/or email, whether they are part of production teams, the sales force, or the administrative staff.
After all, isn’t there a well-known saying in the security field that goes:
A company's IT security is only as strong as its weakest link.
In other words, even if 99% of your staff are aware of the risks associated with using networks, it only takes one person—such as a new hire, someone who isn’t involved, or an employee who uses a computer only once every six months—who hasn’t been trained for the entire security framework to be at risk of collapsing.
Passwords: The Foundation of Your Organization's Security
Whether you realize it or not, in 90% of companies, passwords:
– are often shared among users, often without the knowledge of department heads or management, which should be avoided
– created by employees, they’re usually easy for an average hacker to guess. Don’t believe it? Try entering a few of your passwords on this site. Be warned: you might be in for a shock.
– For email and workstation access, the access credentials are identical or nearly identical.
Even more seriously, many employees:
– choose a password that includes their city, date of birth, first name, last name, the name of their organization… In short, information that anyone with a little patience can easily find out. (That’s how a novice managed to gain access to Barack Obama’s accounts.)
– or, worse still, use the same password at work as they do for their personal email address…
Imagine what might happen if that personal password “imported into the organization” were to be compromised…
Educate, raise awareness, and provide reminders. There is no other solution.
Every organization must train its staff on cybersecurity, passwords, phishing risks, and more…
In fact, 55% of organizations have announced an increased budget for 2017, and the trend is still on the rise in 2018.
