How can I educate my team on cyber security?

“Why did I get infected? I have an antivirus” is quite a common question, and a good one. Whoever named the most common method of infection “Trojan Horse” certainly knew their history. For the few who haven’t heard the story or watched the movie: a seemingly impregnable and well-defended city was broken by exploiting the trust, ignorance and superstition of otherwise sophisticated people.

They “aren’t really that good with IT” and a little too trusting

This is invariably how the modern-day counterpart works; we have all seen the emails purporting to be from UPS or HMRC, or an email from a friend with a strange link inviting you to a “great” website. Most of these are easily spotted and we laugh at their lack of sophistication ... 99% of the time. All too commonly, however, someone, somewhere will open it. It may be that they are waiting for a UPS delivery and the timing is perfect. Perhaps they have recently applied for a tax refund and here is the email they have been waiting and hoping for. Possibly they “aren’t really that good with IT” and a little too trusting because it appeared to come from a friend.

Beware of Geeks bearing gifts

At this point you become Troy; your defences circumvented because of a momentary lapse in attention or ignorance of the risk, and with viruses like Ransomware around, that risk is one you want to avoid.
The great news is that the key is often education rather than additional cost. Yes, it is essential to have a good antivirus and firewall, but don’t allow this to make you or your team complacent or encourage a false sense of security; this is singularly one of the biggest dangers to your defences.

Key Cyber security tips for end users

So, enough of the preamble. What are the messages you should impart to your team?

  • Stop and think before you click on email links or attachments. Are you expecting it? Do you really need it? Even if it appears to come from someone you know or a colleague, is what they are asking unusual? If in doubt, call them (don’t reply to the email).
  • If you are suddenly asked for your email or system credentials on clicking a link .. STOP! It is very likely that this is a phishing scam to gain access to your email or system. In simulations, around 2% of users input their credentials .. don’t be one of them!
  • Be especially alert and smart when surfing the internet. Resist the temptation to click through on adverts or to see what a celebrity has done this week. We detect and block hundreds of such sites daily that are either “dodgy” or infected.
  • Avoid freebies on the internet; they often come with a sting in the tail. Lots of free software these days can come with unwelcome additions if downloaded from the wrong place. Free file, video or music sharing sites are also dangerous. Beware of geeks bearing gifts!
  • Be alert for warnings from your antivirus and don’t cancel a scan just because it is slowing you down. If it is trying to tell you something this should not be ignored .. no matter how busy you are!
  • Allow updates for Microsoft, Java, Flash and Reader to install. A system without updates is a vulnerable one.
  • If you do think you have caught a bug, then you don’t want to infect your network. Unplug your PC immediately and call IT support. Better safe than sorry!
  • Be aware that an antivirus alone cannot protect you against infection and shouldn’t lull you into a false sense of security. You have a responsibility too!

Remember, while your staff are the weakest link they are also your first line of defence. A little training and awareness can save you a world of pain.

“How can I educate my team on cyber security?” was written by Lindsey Hall, who is a Cyber Essentials accredited practitioner.
