The human element remains the weakest link in cybersecurity, as an annual report reveals that 85% of all data breaches are in one way or another caused by an employee.
As digital technologies are increasingly being embraced and have become essential in modern organizations, no industry is safe from cyber criminals exploiting their weak spots.
Oliver Noble, an expert in cybersecurity risk management at NordLocker offered insights.
“Identifying where the risks lie is a good start. But organizations also need to invest in cybersecurity awareness campaigns that address specific risks,” says Oliver Noble.
Below, he lays out how security-oriented work culture is put into practice at NordLocker and encourages other companies to implement a similar approach.
Security training embedded into onboarding
First impressions matter, thus emphasizing security early instills the company’s priorities.
At NordLocker, newbies enroll in an interactive course that goes over the company’s policies, informs why they are important, and quizzes the participants with real-world situations.
This makes cybersecurity a learning experience and not a form to sign and forget. If internal training is not an option, a firm might consider hiring a third party to do it for them.
Social engineering
Psychological manipulation to access confidential information is the biggest cyber threat. Courses on how to identify them should fill a big portion of cyber security training.
“At NordLocker, we have had our share of such attempts. We’ve received “friendly” LinkedIn messages asking for internal information. We’ve even seen hackers posing as the company’s senior executives and sending suspicious messages to employees,” reveals Oliver Noble.
Preach situational awareness and instruct employees to avoid clicking on any links in emails and downloading any file attachments unless they come from a verified source.
At NordLocker, we trust that experience is the best teacher. We use drills, imitating phishing attacks on the entire staff to gain an overview of the company’s security posture.
And for employees, the results of such a drill could end up being an eye-opening experience. Open source tools like GoPhish are great for such simulations.
Physical security
The physical aspects of security are as important as their digital counterparts.
They range from trespassing like piggybacking or tailgating, to locking the work station when not at the desk. Establish clear WFH/WFA protocols like avoiding public Wi-Fi.
Promote general environmental awareness when discussing work-related information. Physical threats to cybersecurity are genuine and should be considered in every course.
Secure development
Consider embedding security into the DNA of your programming operation.
Investing in secure development training and checking the integrity of your code with open source tools such as Web Security Dojo will go a long way.
“At Nordlocker, we have recently started deploying a security champion program.”
“It makes sure that every team of developers has at least one person well versed in secure coding who amplifies the security message on a team level,” explains Oliver Noble.
Risk awareness
Provide easy ways to reach resources for learning and to report potential threats. NordLocker has special channels for alerting any suspicious activity and getting help from the risk staff.
Together with a healthy company culture that promotes openness rather than secrecy, these practices could reduce cyberattacks and mitigate the damage if one should happen.
NordLocker is the world’s first end-to-end file encryption tool with a private cloud.
Created by the cybersecurity experts behind NordVPN, NordLocker makes sure that your digital files and folders are protected from hacking, surveillance and data collection.
