Today is Safer Internet Day. The key is a layered cyber-security approach, writes Andrea Babbs, pictured, VIPRE SafeSend’s UK General Manager.
Life and work as we know it is changing as a result of the Covid-19 crisis, yet cybercriminals have used this to their advantage, producing ever more sophisticated, convincing and dangerous methods to target businesses and individuals. As the frequency and sophistication of cyberattacks increase at an alarming rate, action must be taken.
Technology has a large role to play in helping both users and businesses keep safe – but technology alone can’t prevent every type of attack. Instead, a combination of technology, regular training and tools that help the user to thwart potential hacks can provide a layered defence for organisations to mitigate the threats they face.
Technology, including solutions that provide vital protection against email mistakes, can help users spot phishing attacks. Such digital tools can automatically flag an email when it identifies that it is not an allowed domain, enabling the user to cancel send and avoid falling for the phishing attack. In addition to email security and endpoint security that protects against emerging threats such as spyware, viruses, ransomware etc., this can be a valuable tool in an organisation’s armoury.
The user themselves are a key part of any security strategy. Those that are educated about the types of threats they could be vulnerable to, how to spot them and the steps to take in the event of a suspected breach are a valuable and critical asset. For businesses, employees need to be trained to be vigilant, cautious and suspicious and assume their role as the last line of defence when all else fails. The key is to change the mindset from full reliance on IT, to one where everyone is responsible.
One element of ensuring that the workforce is alert to the threat of phishing emails is to conduct a regular internal phishing email campaign that can also provide analysis on which employees failed to spot the phishing attempt, and therefore, may require additional training. However, training shouldn’t just be a tick-box exercise either, a once a year session on cyber threats won’t be enough to keep the workforce sufficiently informed and vigilant.
The essence of a solid cyber-security strategy is a layered defence that includes endpoint security, email security and a business-grade firewall for the security of your network. But even with the most sophisticated software in place, hackers make it their mission to stay one step ahead of IT defences. That is why regular training, in addition to complementary security tools, can provide a fortified strategy for users to mitigate the threat of a cyber attack.
