Statistically, employees are the weakest link in an organisation’s cyber security. However, they are also the most targeted by attackers – 83% of respondents in the Cyber Security Breaches Survey 2021 reported that they had been targeted in phishing attacks.
Furthermore, as organisations move to more permanent remote working or hybrid working patterns, employees will either work exclusively outside the office’s protected network, or will move between less secure home networks and the office network, potentially weakening the network.
As a result, it is important for organisations to encourage safe internet practices and implement measures to protect themselves. This Safer Internet Day, we provide our advice for organisations to protect their networks from internet-based attacks.
1. Stop malware in its tracks with endpoint security software
Attackers may use the internet to spread malware such as ransomware, trojan horses, worms, bots, and more through unsafe websites or links included in emails.
Antivirus and endpoint software protects computers when browsing the internet. An effective endpoint security package will protect the organisation from a wide range of malware by preventing browsing to malicious sites, blocking malicious traffic, monitoring for hacking activity, and actively searching for vulnerabilities on the device.
Antivirus software should be installed on all devices to protect them from being taken over by attackers who may use them to launch an attack against the organisation.
2. Update software regularly to protect from the latest vulnerabilities
Software vendors, from internet browser developers to application and security companies, constantly update their products to introduce new features and fix any vulnerabilities that could be exploited. If these updates are not applied, the organisation may be at risk of attack through one of these vulnerabilities.
Updates should be applied as quickly as possible after they are released. Where possible, these updates should be automated to cause as little disruption as possible to employees. Where employees need to make updates to their own computers, they should be educated about the importance of not ignoring them.
3. Secure internet connections with a VPN
In today’s remote working world, employees may be connecting to the office network over the internet. If they are using an unsecured internet connection, this connection could harm the office network.
A VPN helps keep employees safe when they browse the internet or connect to the office network. The VPN (virtual private network) masks the connecting computer’s IP address and creates a secure tunnel over the internet, which encrypts traffic as it flows between an employee’s remote computer and the office network.
Encouraging employees to use a VPN when connecting remotely to the office’s secure network lets them protect the network while they sit behind the office’s internet defences, and keeps malicious actors out.
4. Control access to the internet in the office
Ensuring that employees know how to use the internet safely (see below) is just one part of the story. There are many technical solutions that organisations can implement to prevent employees from coming into contact with internet threats in the first place.
Just some of the technical controls an organisation may choose to implement include:
– Prevent access to personal web-based email accounts on work devices as they may lack email controls and could introduce malware to the network.
– Blacklist certain websites, applications, or IP ranges. This means that even if an employee tries to access them, they won’t be able to.
– Don’t allow employees to navigate to unencrypted websites (http websites).
– Provide approved software packages for employees to use safely, and prevent them from downloading software that may contain viruses and vulnerabilities.
– Create separate networks for guests and external devices to protect the office network from any viruses that they may have from less secure networks.
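The first three controls in this list can be expressed as a single URL policy check. The sketch below is an added example, not a product configuration from this article; the domains, the IP range and the `evaluate` function are constructed placeholders.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample policy: every domain and range here is a placeholder.
WEBMAIL_DOMAINS = {"webmail.example"}        # personal web-based email
BLOCKED_DOMAINS = {"blocked.example"}        # blacklisted websites
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # blacklisted IP range


def _matches(host, domains):
    """True if host is a listed domain or a subdomain of one.

    Matching on the dot boundary stops 'notblocked.example' from being
    treated as 'blocked.example'.
    """
    return any(host == d or host.endswith("." + d) for d in domains)


def evaluate(url):
    """Return (allowed, reason) for a URL requested from a work device."""
    parts = urlsplit(url)
    # hostname is lower-cased and excludes any 'user@' prefix and port;
    # strip a trailing dot so 'blocked.example.' cannot slip past the list.
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        return False, "unencrypted or unsupported scheme"
    if not host:
        return False, "no host"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None  # not an IP literal, so treat it as a domain name
    if addr is not None:
        if any(addr in net for net in BLOCKED_NETWORKS):
            return False, "blacklisted IP range"
        return True, "allowed"
    if _matches(host, WEBMAIL_DOMAINS):
        return False, "personal webmail"
    if _matches(host, BLOCKED_DOMAINS):
        return False, "blacklisted domain"
    return True, "allowed"
```

A check like this only has effect when it runs at a point employees cannot bypass, such as a web proxy or DNS filter on the office network.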
5. Encourage safe internet practices through education
Employees are the targets of many different cyber attacks. They are bombarded with phishing and other social engineering attacks, and passwords are attacked in brute force attacks. An education programme helps employees understand their cybersecurity responsibilities and how they can play their part in staying safe on the internet.
A safe internet practices programme should include training on the following:
– How to protect account details from attack, including creating strong passwords, and how to store credentials safely.
– How to identify phishing attempts in an email, text message, or website.
– The importance of multi-factor authentication (MFA).
– How to identify malicious websites when on the internet.
– How to work with the information security team to adopt safe practices at work.
Get a free cybersecurity assessment for your business
At Transputec, we manage your daily cybersecurity so you can focus on what’s important to you.
Contact us for a free cybersecurity consultation.