The latest Cyber Threat Report by the Australian Cyber Security Centre (ACSC), covering the period of July 2021 to June 2022, reported a 14% increase in the monetary costs of cybercrime to small, medium and large businesses. Business Email Compromise (BEC) attacks caused an average loss of $64,000 per incident reported to the ACSC.
The sophistication of cyber attacks has increased, especially since the beginning of the pandemic, and threat actors continue to develop sneakier ways to breach systems or trick people into providing access.
Your team is critical to protecting your business, but how do you know if they are doing their part? If you complete a cyber security audit of your business, you might notice the following signs that indicate your team needs a refresher.
Does your team adhere to password best practices?
Passwords are the first line of defence against cyber attacks. If your team does not adhere to password best practices, your business is potentially at risk. Common bad practices include using the same password for multiple accounts, using weak passwords, or sharing passwords with others.
If your team is not following password best practices, it’s time for a refresher. Train them on the importance of strong passwords and of using a password manager. Multi-factor authentication (MFA) can provide additional protection when a password is breached, so it is also best to educate your team on why they should turn on MFA.
Did a large portion of your team click on a phishing simulation?
Phishing attacks have become trickier to recognise. Where a phishing attack might once have looked obvious – a strange sender address, poor grammar and a link that didn’t resemble anything familiar – threat actors now use fake websites, copy company designs or even duplicate email notifications for SharePoint access links.
Phishing simulations typically involve sending mock phishing emails to employees to see if they take the bait and then providing feedback and training to those who fall for the simulated attack. If a large portion of your team clicks on a phishing simulation, it’s a sign that they may be unable to detect a real phishing attack.
It’s important to provide regular phishing training to your team to help them identify and avoid phishing attacks. Ensure they know what to look for in a suspicious email, such as a generic greeting or a request for sensitive information.
Are your staff following company policy?
If your team is not following cyber security policies, it may indicate that they are not fully aware of the potential risks and consequences of their actions. By not following these policies, people may inadvertently create vulnerabilities that cyber criminals can exploit, such as weak passwords or unauthorised access to company systems. They may also put company data at risk by sharing it with unauthorised individuals or using personal devices for work purposes.
A cyber security refresher can help address these issues by reminding employees of the importance of following cyber security policies and by providing up-to-date information on new and emerging cyber threats. It can also provide training on best practices for password management, data sharing, and device security. In addition, a cyber security refresher can foster a culture of cyber security awareness and responsibility among employees, reducing the likelihood of successful cyber attacks.
Is your hybrid workforce accessing data from personal devices?
With the rise of hybrid work, many employees are accessing company data from their personal devices. While this can increase productivity, it also increases the risk of a potential cyber attack. Personal devices are often not as secure as company devices, making them an easy target for cyber criminals.
If your team is accessing company data from their personal devices, it’s important to ensure they follow best practices. This may include using a VPN, keeping software up to date, and not sharing devices with others, such as family members.
Layer 8’s Cyber Escape Rooms give your team the refresher they need
Our Cyber Escape Rooms are a tried and true method of ensuring your team gains and retains valuable cyber security and awareness knowledge. Whether working remotely or finding a cause to get the team back together, we can tailor a physical or virtual Cyber Escape Room to suit your group. You can book a preview session to learn more about the fun and engaging experience.