To safeguard against malicious parties exploiting a company’s cybersecurity vulnerabilities, a business must educate its employees on the threats that exist. Employees, after all, need to be trained to be cyber-savvy. Otherwise, a misinformed or careless employee can be the reason a cybersecurity incident occurs.
Accordingly, employees must be trained on the various threat vectors that could harm a firm, including malware-ridden links, phishing email attachments, and ransomware. The most favorable protocol is to implement incident-response best practices, whereby employees report questionable cybersecurity incidents, whether they appear in emails, network traffic, application traffic, or even user behavior.
Here are the kinds of IT security incidents that businesses must apprise their employees of:
Disgruntled Employees. If an employee (past or present) is exhibiting erratic or suspicious behavior, report the incident immediately.
Malicious Media. Any discs or USB drives (thumb drives, flash drives) that aren’t accounted for, or that turn up within reach with no known origin, should be reported, for they might be infected with malicious software.
Phishing, Spam, Ransomware, and Other Malware. Links in any unusual email, text, or instant message should never be clicked, not even those that arrive by mobile text or through social media. Instead, report them.
Piggybacking and Tailgating. If someone sneaks into a secured area or through a checkpoint by following someone else, that should be reported. Similarly, if someone with legitimate access allows another person into a secure area or through a checkpoint, that should be reported as well. Only those with proper credentials have permission to be in access-controlled areas.
Privileged Access. Login credentials should not be shared, for doing so imperils a company’s data, information (intellectual property like copyrights, patents, even trade secrets), and resources, not to mention its reputation. If unnecessary access to company information has been given, this should be reported.
Social Engineering. When an unknown person (automated or real) or an unknown party calls or otherwise attempts to convince an employee to dole out sensitive information, report this. If this is occurring in person, the social engineer might be disguised as a FedEx deliverer, a utilities repair person (water, phone, electricity, cabling, internet, etc.), or even a (potential) customer.
Personnel Who Are Lackadaisical About Cybersecurity Best Practices. These types of employees are the weakest link in the corporate infrastructure. Cybercriminals often target these careless individuals because they make for an easy way of gaining entry into a company’s information infrastructure.
Why is it crucial to report IT security incidents? Ultimately, reporting brings about awareness, which helps in lowering the risks of data breaches.
Do you want to train your personnel on how to be cyber aware? Then consider contacting us here at IT Connect 360, where we offer training courses to fit your enterprise needs.