Information Technology

How your employees can help protect against a data breach

By Darren Hockley, DeltaNet International
Published: 16 April 2018

It is becoming more and more commonplace to see high profile data breach cases hitting the headlines. Data breaches can mean big trouble for those involved, and companies can face heavy financial losses and reputational damage. With the arrival of GDPR come even larger fines, which, if imposed, can have a devastating impact on any business.

UK firms are aware of the serious nature of cyber security and the consequences that can result from having weak processes and infrastructure, with one survey showing that almost half of British businesses (49%) plan to spend more on this area during 2018. No company is immune to the threats, which appear to be ever-growing as hackers find new ways to wreak havoc.

The thing many businesses may not be aware of, though, is that the biggest threat to their IT infrastructure is their employees! Occasionally this may be intentional, but most of the time breaches happen entirely by accident. This means the onus of compliance does not belong to just the higher-ups, but lies with each and every employee to minimise the risk of a hacker attack.

Enlist your employees’ help
Many firms will have already put certain measures in place to improve their cyber security, but they may not have considered the issues that can occur when employees have not been educated on the subject and so might misunderstand the warning signs of a data breach, or not know what to do if a breach occurs and what the potential consequences are.

Social engineering is a big problem right now and is just one of the ways in which hackers can exploit confidential material; they capitalise on the errors in judgement of individuals to gain access to personal details which can be used to log in to various services. One way they do this is by relying on people having the same passwords for multiple different sites, which they can uncover without even breaking a sweat!

It’s important that all employees understand the importance of good passwords and how to manage them – either through an internal training session or an eLearning course. You may also wish to recommend an app like LastPass which acts as a vault for your passwords, while also having the functionality to create randomised letter, number and character combinations.

‘Man-in-the-middle’ attacks are also becoming more and more widespread. This particular method of attack involves a hacker gaining access to your company’s network and/or intercepting communications so they can eavesdrop, collect data, and interfere with your employees’ transmissions. Some simple steps can be taken to minimise the risk of falling victim to this type of hacker practice, e.g. educating your employees on the issue of working on company laptops or phones from unsecured Wi-Fi networks, and accessing sites without the secure ‘https’ protocol.

Not all changes need to be online-focused. Disorganised desks and documents are another warning sign that your business is at risk of a data breach. Remember, it is the law to dispose of confidential waste correctly – you can’t just scrunch paperwork up, put it in the bin and forget about it! Organise a ‘spring clean’ with your employees and get them to file away anything that contains sensitive information. Anything that’s no longer needed should be destroyed by a cross-cut shredder at the very least to minimise the chance of reconstruction.

Continuous training is key
Asking your staff to become the ‘eyes and ears’ for the company helps them to feel more involved and appreciated. A comprehensive training plan should be put in place which includes topics like password protection, social engineering and ‘man-in-the-middle’ attacks. Once the training has been carried out, make the training material readily available to staff so that they can refresh their knowledge at any time. The material is also useful for new employees and should be continually updated to reflect the current legal landscape.

About the author
Darren Hockley is MD of eLearning provider DeltaNet International, which offers a wide range of courses for businesses including training on cyber security.