Corporate Cyber Security Begins at Home
How employees’ personal cyber practices put your company at risk
All month TalaTek is covering critical topics in support of National Cyber Security Awareness Month. Follow us at TalaTek.com or on Twitter.
Each year companies pour more money into cybersecurity technologies and training to protect valuable data and assets. Global spending this year is on pace to reach $90 billion, according to research firm Gartner. Top-notch technologies are indeed effective deterrents to cybercrime, but cyber security practices are equally critical and should be clearly defined in company policy. Certainly employees’ online behaviors are surveilled in-office, but what happens when they return home, no longer under the watchful eye of the IT department? Most admit they aren’t as vigilant away from the office – inviting risks that can impact an entire enterprise.
Unencrypted Wi-Fi: Users commonly use unencrypted Wi-Fi at home or in public. Hackers exploit these “open” connections to the Internet to gain access and capture sensitive data, personal or business.
Weak passwords: Despite repeated warnings not to, users choose dangerously simple passwords, leaving their online accounts and devices vulnerable. When those devices connect to your company network, they expose you to risk.
Social engineering: People are admittedly less vigilant when on social media and personal email, both targets for social engineering and phishing schemes. Malware and other malicious code can implant itself onto employees’ devices without their knowledge and then reach your network, if that device is synced at work.
Personal use of work devices: Employees, even their family members, often use company devices for personal matters. Such casual use without security awareness can lead to careless clicking, where the user is lured by a helpful app that turns out to be ransomware, or a fun game that actually is a Trojan.
BYOD: There are countless ways your employees could be exposing your company to risks simply by using their personal devices and blurring the lines between work and personal use. For example, if they store confidential company data on their devices, they are inviting considerable risk if that device is lost or hacked or even automatically backed up to the cloud.
What does that mean for your organization? With the prevalence of remote workers and BYOD, how can security officers manage the risk?
Define and enforce: Ensure you have a well-defined and enforced cyber security policy, with clear guidelines for mobile devices. Limiting how and where these devices can roam on your network is the best option to limit exposure, even if users complain. Lean on endpoint and mobile device management technology to help enforce parameters.
Monitor your networks: If you have good baseline data on normal patterns of behavior and use, anomalies are more likely to be evident, enabling you to spot and stop malicious behavior sooner. Establishing a continuous monitoring program, key to most security controls, is the foundation you need.
Secure personal devices: Tactics like encryption and multifactor authentication can be deployed even to personal devices, increasing security and mindfulness of good cyber hygiene. Some organizations go as far as instituting a remote “wiping” requirement in the event of loss or theft of personal devices used for work purposes.
Educate: Consistent and ongoing education of employees on the need for good cyber hygiene both at work and at home is imperative. As the threat landscape evolves, so does the need to educate employees on the latest threats and how to avoid them.
Test your employees: Nothing drives home the lesson more than a “live fire” exercise, demonstrating the outcome of poor cyber hygiene. There are numerous services available that simulate phishing and other attacks, enabling you to test your employees safely. Reward those who do well and further educate those who miss the signs of an attack.
TalaTek can strengthen your policies and procedures governing your employees’ cyber practices. Contact us at info@talatek.com to learn how we can help you apply a sound information security strategy across your organization.


