5 ways to revitalise your team’s cyber security habits in the new year

As you set business goals and agendas for the new year, I encourage you to revisit your team’s cyber security habits and give them a refresher. Take this opportunity to review and assess cyber security behaviours in your organisation, identify areas for improvement and encourage your team to do their part.

If you’re unsure where to start, we recommend these five areas:

Review passwords

Strong, unique passwords hinder successful brute-force attacks and prevent hackers from guessing simple combinations. Remind your team to use complex passwords with a mix of letters, numbers, and symbols. People often use repeated passwords for fear of forgetting them, so it might be time to introduce a password management tool. This also helps people share logins without actually revealing passwords.

Conduct phishing training

Scams cost Australian businesses $23.2 million in 2022, an increase of 73% from the previous year. This year, we recommend conducting training programs that teach people to recognise phishing attempts by looking for unsolicited information requests, misspelt URLs, and suspicious attachments. Phishing training focuses on more than simply telling people what to look for; a training partner can also deploy phishing simulations that test your team on their knowledge. Providing ongoing training will help people test their knowledge and maintain continuous awareness and vigilance against these threats.

[Figure: Top methods used by scammers in 2022. Source: ACCC.]

Complete regular software updates

Part of your cyber security awareness and training program should emphasise the importance of regular software updates. Software patches fix known vulnerabilities that threat actors could exploit to harm your organisation. In FY2023, the Australian Signals Directorate (ASD) found that threat actors exploited 1 in 5 vulnerabilities within 48 hours of the developer releasing mitigation advice or a patch. Encouraging your team to set up automatic updates reduces the likelihood of threat actors taking advantage of this.

Set up multi-factor authentication

Encourage your team to implement multi-factor authentication (MFA). Authentication apps are the most secure method, but people can use SMS codes, their face or fingerprint, or confirm login on another device, depending on what is most convenient. It’s important to note that some people may feel put out by adding another step to the login process, so MFA solutions should reduce friction as much as possible. 

Recognising suspicious links

As an extension of phishing training, your team must be able to recognise suspicious links. The difference between a real link and an imitation, such as a misspelt URL, may not be immediately evident. Malicious links might include an extra letter or use alternate characters that resemble letters. Best practices for verifying links include hovering over them to preview the URL, checking the website’s legitimacy, and using link verification tools. Always approach unsolicited links with caution, especially in emails and messages.
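
To make the two tricks described above concrete, here is an added example (not part of the original post) of the kind of check a link verification tool performs. The trusted domains and the small lookalike-character map are constructed assumptions, and the check compares whole hostnames rather than registrable domains.

```python
from urllib.parse import urlsplit

# Assumption: hypothetical allow-list of domains your team really uses.
TRUSTED = ("example.com", "intranet.example.org")

# Constructed, deliberately small map of characters that resemble Latin letters
# (digits and Cyrillic); a production check would use the full Unicode confusables data.
CONFUSABLES = {"0": "o", "1": "l", "\u0430": "a", "\u0435": "e",
               "\u043e": "o", "\u0440": "p", "\u0441": "c", "\u0456": "i"}

def to_unicode(host):
    """Decode punycode (xn--) labels so lookalike letters become visible."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid punycode

def skeleton(host):
    """Replace each lookalike character with the letter it imitates."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host)

def edit_distance(a, b):
    """Levenshtein distance: single-character insertions, deletions, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url):
    """Classify a link's hostname against the trusted list."""
    host = to_unicode((urlsplit(url).hostname or "").removeprefix("www."))
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    for t in TRUSTED:
        if skeleton(host) == skeleton(t):
            return f"lookalike characters imitating {t}"
        if edit_distance(skeleton(host), skeleton(t)) == 1:
            return f"one character off {t}"
    return "unknown domain"

if __name__ == "__main__":
    for url in ("https://www.example.com/login", "http://examplee.com/reset",
                "https://examp1e.com/", "https://ex\u0430mple.com/"):  # constructed samples
        print(url, "->", check_link(url))
```

A verdict of "unknown domain" only means the hostname is not close to anything on the list; it still deserves the same caution as any unsolicited link.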

Conclusion

The new year is the perfect time to revisit your team’s cyber security habits and remind them of best practices. Regular, engaging training sessions can help people retain knowledge and test their skills. Encouraging a refresh of passwords, phishing training, software updates and MFA, alongside regular training, is crucial for starting the work year in a secure digital environment.

Engage your team with a Cyber Escape Room by Layer 8

Our unique, gamified approach to cyber security training cements habits like these. We merge the thrill of gaming with in-depth cyber security education through an interactive and memorable learning experience that teaches critical skills and encourages memory retention. Visit our website for more information on our Cyber Escape Rooms and to book a preview session.
