9. Cyber Security at Work
If you are an employee whose employer uses any form of technology, you must understand that cyber criminals WILL target your company no matter how big or small. YOU have an essential part to play in defeating this. It is NOT just an IT department problem.
- 50% of small to medium-sized businesses (those with 1 to 249 employees) go bust within six months of a cyber attack if it takes a week or more to recover [1]
- 43% of businesses reported a cyber security breach in the last 12 months [2]
- YOUR data will probably be in your company systems too – HR, payroll, pensions – and as such is at risk from a successful attack
- As such you must take this seriously
- Understand that phishing attacks against YOU are the greatest threat
- Understand how to report phishing – help protect colleagues who may miss the signs by reporting. DO NOT simply forward to IT unless you are sure that is your company policy
- Use good STRONG PASSPHRASES to protect your account
- Own up if you have access to systems or data you do not need to do your job – this reduces what any cyber criminals can access if they compromise your account – and is essential under GDPR
- Understand what your role is in the event of a cyber incident… if your machine suddenly displays ransomware what are you expected to do? If you are not sure – ASK NOW before it actually happens!
- Have a note of IT’s real phone number available to you and your team – it is no good on the computer if the computer goes down, and extension numbers may stop working
- Discuss with IT what your team needs recovered first to start working again quickly should everything go wrong and the company resort to backups
[1] Cyber Essentials – NCSC
[2] Cyber Security Breaches Survey 2019
The National Cyber Security Centre have created an online platform for staff to train – ‘Top Tips for Staff’. It runs in the web browser, is totally free, easy-to-use and takes less than 30 minutes to complete. The training introduces why cyber security is important and how attacks happen, and then covers four key areas:
- defending yourself against phishing
- using strong passwords
- securing your devices
- reporting incidents (‘if in doubt, call it out’)
The training is primarily aimed at SMEs, charities and the voluntary sector, but can be applied to any organisation, regardless of size or sector. It’s been deliberately designed for a non-technical audience with tips that complement any existing policies and procedures.
We have separate guidance for owners of businesses of any size. This includes information on the support services SEROCU’s Cyber Protect team can offer you for free.