PCI Services Blog

5 tips to fortify the Human Firewall for Business IT

Posted by Richard Common on 13-Jan-2017 21:00:00

1. Formulate and adopt strong security policies

Effective data security starts with strong policies. In business IT and data protection, policies are the rules that define what is and is not acceptable. They should address the concerns and practices of your own organisation, for example:

  • Hardware disposal.
  • Authenticating senders of emails and messages.

Keep company policies within reach of all employees, and build every adopted policy into the training you offer. That gives employees the reasons behind specific practices and gives your awareness programme its direction.

2. Put the training plan into practice

For a training plan to be efficient and effective, it should cover both induction training for new starters and ongoing awareness for existing staff. It can be delivered in-house or outsourced to a training provider. This way, newly recruited employees learn your company's security practices as soon as possible, and long-term employees benefit from day-to-day reinforcement of good security habits. Here are a few pointers to start you off:

  • Draw up clear, measurable goals and the means to realise them.
  • Develop a timetable showing when each phase of the training will take place.
  • Communicate the plan to employees. This demonstrates your commitment to the awareness programme and ensures everyone is on the same page.

3. Guard against phone scams

A caller might present themselves as:

  • A supplier requesting a BACS transfer.
  • A technician from an IT support company asking you to install an urgent "update" on your computer.

Requests like these can seem authentic and catch anyone off guard. Scam artists (social engineers, rather than technical hackers) exploit human weaknesses instead of software flaws. If your business isn't prepared for such attempts, any employee who answers the call might become the weak link that puts the organisation at risk.

To guard against phone scams, build scam, phishing and social-engineering awareness into your training, and give staff one simple rule: verify any unexpected request by calling the supplier or support company back on a number you already hold, never on a number supplied by the caller.

4. Do not allow your employees to give in to the phishing bait

Phishing is a fraudulent attempt to harvest sensitive data such as usernames, passwords and card details by impersonating a trusted entity. Commonly cited statistics put phishing at the start of over 90% of cyber attacks. Anti-malware software and anti-spam email security services help, but the most effective way to train employees to dodge phishing is to show them real-life cases.

Individuals can also spot phishing by checking for the following traits:

  • Generic greetings: a scammer almost always opens with a non-specific salutation such as "Dear customer" or "Dear user", because the same message is sent to thousands of people.
  • Poor layout, spelling or grammar: some phishing websites and emails look like the real thing but have poor layout or grammatical and spelling errors. Sophisticated ones match the real site exactly apart from one or two giveaway clues, typically in the web address or the links. Treat these as red flags that a scammer is hoping you will be the next victim.
  • Requests for immediate action: many phishing emails pressure you to hand over personal or business data under threat that your account will be downgraded, changed or closed if you don't act immediately. Any message demanding that you supply sensitive data right now should be treated as a possible scam.

5. Individuals should be able to detect fake websites

A training programme should encourage individuals to be extra vigilant with websites and never to submit their details on autopilot. If in doubt, contact the sender using contact details obtained from a separate source. Never use links, phone numbers or email addresses that appear in a suspicious website or email. To check whether a number is genuine, use a phone directory or a web search; better still, open a new browser window and type the website's address yourself rather than clicking the link, because the address shown in a message is not necessarily the one the link leads to.
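As an added example, not part of the original post, the Python script below turns the phishing traits from tip 4 and the fake-website clue from tip 5 into a check that can be run over an email body: it flags a generic greeting, language demanding immediate action, and links whose visible text names one website while the real destination is another. The phrase lists, the two-flag threshold, the sample messages and the reserved .example domains are all assumptions made for illustration.

```python
"""Heuristic phishing indicator check (added example, not from the original post).

Flags three red flags from the tips above:
  - a generic greeting ("Dear Customer"),
  - language demanding immediate action,
  - links whose visible text names one host but whose href points elsewhere
    (the fake-website clue: the address you see is not the one you get).
Phrase lists, the threshold and the sample messages are assumptions.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

GENERIC_GREETING = re.compile(
    r"\bdear\s+(valued\s+)?(customer|user|member|client|account\s+holder)\b", re.I)
URGENCY = re.compile(
    r"\b(immediately|urgent(ly)?|within\s+24\s+hours|verify\s+now|"
    r"will\s+be\s+(suspended|closed|locked|downgraded))\b", re.I)
LOOKS_LIKE_DOMAIN = re.compile(r"\b[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}\b", re.I)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def hostname(url):
    """Lower-cased host of a URL or bare domain ('' if it has none)."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def mismatched_links(body_html):
    """(visible text, href) pairs where the text looks like an address but
    names a different host than the link's actual destination."""
    parser = LinkExtractor()
    parser.feed(body_html)
    return [(text, href) for href, text in parser.links
            if LOOKS_LIKE_DOMAIN.search(text) and hostname(text) != hostname(href)]


def score_email(body_html):
    """Score an HTML email body; two or more flags count as suspicious (assumed threshold)."""
    plain = re.sub(r"<[^>]+>", " ", body_html)  # crude tag strip for the wording checks
    flags = []
    if GENERIC_GREETING.search(plain):
        flags.append("generic greeting")
    if URGENCY.search(plain):
        flags.append("demands immediate action")
    if mismatched_links(body_html):
        flags.append("link text and destination differ")
    return {"score": len(flags), "flags": flags,
            "verdict": "suspicious" if len(flags) >= 2 else "no obvious red flags"}


# Constructed sample messages (not real emails); the domains are reserved .example names.
PHISHING_SAMPLE = """
<p>Dear Customer,</p>
<p>Unusual activity was detected. Your account will be suspended unless you verify now.</p>
<p><a href="http://examplebank-secure.example/login">https://www.examplebank.example/login</a></p>
"""

LEGITIMATE_SAMPLE = """
<p>Dear Jane,</p>
<p>Your March statement is ready. Log in as usual to view it.</p>
<p><a href="https://www.examplebank.example/statements">https://www.examplebank.example/statements</a></p>
"""

if __name__ == "__main__":
    for name, body in (("phishing", PHISHING_SAMPLE), ("legitimate", LEGITIMATE_SAMPLE)):
        print(name, score_email(body))
```

The link check is the one a person cannot do by eye: the phishing sample shows the bank's real address as the link text, but the href underneath goes to a different host, which is exactly why the post tells readers to type the address themselves instead of clicking. The wording checks are deliberately simple pattern matches, so treat them as training aids rather than a substitute for a mail filter.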

Overall, the most effective tool against these attacks is training. You want employees to recognise threats quickly and make informed decisions without feeling overwhelmed or losing confidence.


Topics: Security
