Story image

Three ways businesses and employees can stay smart online

13 Oct 17

People are the potential weak links in the fight against cybercrime, but with effort businesses and employees can work together to protect themselves and their organisations, according to Palo Alto Networks.

According to the company, it takes just one unwary employee to share their password or plug in an unauthorised device to put a company at risk - and compromise their entire network. As such, it is crucial for businesses and employees alike to stay smart online.

“Employees don’t usually want to harm the business they work for but it’s human nature to make mistakes, or to misunderstand the level of risk. Businesses need to educate employees and ensure they’re taking simple steps to stay smart online,” comments Palo Alto Networks regional vice president A/NZ, Ian Raper.

Here are three key areas in which risk can be introduced to an organisation:

1. Employees working from home or remotely

In many cases an employee’s home network is nowhere near as secure as the corporate network, creating a vulnerability that hackers can exploit. This can be particularly lucrative if the employee accesses sensitive or commercially-valuable information from home. So businesses must:

  • protect remote devices by implementing security software and installing the latest versions of applications and security patches immediately. Mobile devices should be remotely wipeable in case they fall into the wrong hands
  • require employees to use strong passwords and two-factor authentication
  • prohibit employees from storing information on their personal desktop
  • use a virtual private network (VPN) to protect traffic and prevent tampering with data.

2. Credential theft and phishing

Hackers still steal people’s passwords and credentials because it remains one of the fastest and most effective ways to gain access to networks. There are three key components to blocking phishing attacks:

  • educating employees so they understand what a phishing attack looks like and what to do if they suspect they are being targeted
  • creating processes that reduce the chances of employee errors resulting in credential-based attacks. This can include measures such as flagging phishing attempts, resetting passwords, automatically blocking suspect sites and emails, and understanding how sensitive resources can be protected
  • implementing technology such as threat intelligence tools to identify and prevent employees from visiting phishing sites.

3. Human error

People will always be the weakest link in the cybersecurity chain but it is possible to reduce the amount of error. This includes:

  • incorporating security awareness into the organisational culture through relevant, frequent training (perhaps using gamification to increase engagement)
  • moving beyond a compliance-driven approach and showing employees how to protect their personal data, which can then extend to protecting the organisation
  • limiting the number of employees with administrative access, which shrinks the risk footprint.

“Too many businesses still focus on threat detection and mitigation when they should be focusing on prevention. By strengthening their employees’ awareness of and commitment to cybersecurity, businesses can dramatically reduce the chances of a breach occurring at all,” Raper concludes.

STT GDC to build hyperscale data centre in Singapore
ST Telemedia Global Data Centres (STT GDC) today unveiled ambitious plans for expansion with its largest data centre in Singapore to date.
Golden opportunities for enterprise e-waste reduction
E-waste is a hot topic in tech circles, and Park Place's EMEA MD believes there could be huge opportunities if data centres and enterprises improve their practices.
How Schneider Electric aims to simplify IT management
With IT Expert, Schneider Electric aims to ensure secure, vendor agnostic, wherever-you-go monitoring and visibility of all IoT-enabled physical infrastructure assets.
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Cisco dominates record-high Ethernet switch & router markets
While the market is flourishing, it’s tough-going as Cisco has increased its majority share of the pie.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.
QNAP introduces new 10GbE and Thunderbolt 3 NAS series
The new series is supposedly an all-in-one NAS solution for file storage, backup, sharing, synchronisation and centralised management.