Workplace Safety & Health Co. Inc. Blog

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that have been used in the blog.
  • Bloggers
    Bloggers Search for your favorite blogger from this site.
  • Team Blogs
    Team Blogs Find your favorite team blogs here.
  • Login
    Login Login form
Subscribe to this list via RSS Blog posts tagged in cybersecurity

Even before the COVID era and remote working becoming so prevalent, many employees were using their mobile phones to access company email, networks or data. This “bring your own device” work culture is definitely a security risk to not only your employees, but to your company as well.

Smartphone security has not kept up with traditional computer security, and your employees may be vigilant when it comes to security breaches on their desktop or laptop, but we are all more distracted when it comes to our mobile devices as we quickly scan through emails, text multiple people and scroll through different social media, usually all at the same time. This makes our phones very attractive targets for scammers – tricking us into joining rogue Wi-Fi networks or tapping fake emails without even thinking.

A 2019 study on the mobile threat found that 57% of companies have experienced a mobile phishing incident. Phishing is the most common cyber threat, especially for companies. It is estimated that 9 out of 10 data breaches start with a phishing attack, and when we are on our smartphones, we tend to not pay as much attention to what we are clicking – plus the smaller screens make red flag less noticeable.

Making sure your company has a strong cyber security system and communicating the importance to your employees is a must nowadays. Here are a few strategies that everyone can incorporate today that can help keep your employees and your data safe, but even these are not 100% guaranteed:
• Use secure access points, such as virtual private networks (VPNs). These allow you to extend your private network across public Wi-Fi using encrypted virtual point-to-point connection, enabling and maintaining secure access to your company’s resources.
• Have your employees create a secure network for business transactions in their home offices. Most home routers allow for the creation of multiple networks, such as a home and guest connection. Adding a password protected network for work connections means your employees can keep their families’ personal devices separate from work devices.
• Make sure your company is installing updates across all devices and systems on a regular basis. Regular updates and patches ensure your systems are protected against known vulnerabilities.
• Always make sure your employees are using strong passwords and two-factor authentication across all devices and accounts. It cannot be stressed enough that passwords should be complex, meaning they should incorporate numbers and special characters and should not be the same ones used across multiple accounts. As a business, you may want to look into a password management software to help your team keep track of their passwords.
• Be vigilant when responding to emails, especially those with links and attachments. Remind your employees to never click on those links or attachments from an unknown sender – and even if the email seems to come from a trusted source, be sure they are looking closely at the email address or website URL. Inform your employees to make sure they let your IT department or contact know of any suspicious emails right away, as well as letting them know if there is a possibility of a breach.
• Install anti-malware and anti-virus software across all devices and networks, which will stop the majority of attacks.
• Make sure your company has a Cyber Response Plan in place and that all your employees are aware of this plan – and that everyone knows who to contact if they suspect a breach, both during work hours and after-hours.

Nowadays, cybersecurity is the responsibility of all your employees, but taking these steps to protect your business can alleviate many of the breaches from ever happening. In our next blog, we will discuss more specifically on what your employees can do to make sure their mobile devices are more secure, as well as what to do if their devices are stolen.

 

Posted by on in Uncategorized

When we think about cybersecurity, most of us think it is a larger problem for big entities such as banks, tech companies, and the government, but truth be told, smaller companies with less than 1000 employees are at the greatest risk with 43% of all cyber attacks being aimed at small businesses? October is Cyber Security Awareness Month, and this year’s theme is “Do Your Part. #BeCyberSmart.”

Here are some pretty shocking cybersecurity statistics:
• It takes half a year to detect a data breach
• 91% of all attacks are launched with a phishing email
• A business falls victim to a ransomware attack every 14 seconds
• 38% of malicious attachments are masked as a Microsoft Office file
• Companies face an average of 22 security breaches in 2020
• The global cost of online crime is expected to reach $6 trillion by 2021

In today’s world, with many companies being more open to remote work and with many employees working from their personal devices, such as checking emails from their phones, cyber threats are all too common nowadays. Being diligent with prescreen hiring, training your current employees on staying cyber safe and setting expectations for third party associates when it comes to cybersecurity are extremely important. Risks should always be accurately assessed and, when possible, minimized. Every person in your organization has a role in mitigating the risk of a cyberattack.

Here are some basic tips to keep your workplace safe when it comes to cybersecurity:
• Take inventory of all your company’s devices – all hardware and software – because you cannot defend what you don’t know you have.
• Lock up your devices – no matter where your office is located. All devices, including computers, laptops and cell phones, should be locked with a secure password.
• Use two-factor authentication if possible as it’s an extra layer beyond just a typical password. This should be a must for anyone accessing sensitive networks or data.
• For those working outside an office network, make sure your employees are never using wi-fi without a VPN (Virtualized Personal Network). Using public wi-fi networks without this extra security can expose your organization’s accounts and data to malicious cyber threats.
• Train employees on cybersecurity – and remind and empower your employees to question any suspicious looking emails, especially those with urgent subject lines and billing-related attachments. Always hover over a link before clicking to ensure you are being directed to the intended URL.

 

We’ve heard the news stories of major companies having data breaches – including credit card companies, hospitals, and airlines. The list goes on! Most breaches occur in North America with an estimated average cost of a data breach being over $150 million by 2020. Creating a culture of cybersecurity is critical for all organizations, and one of the first steps to protecting your business from a cyberattack is implementing a cybersecurity checklist with all the necessary precautions in place. Keeping these steps in mind can save you and your employees in a world full of hackers:

• Limit physical access to your sensitive information – make sure your servers are not accessible to visitors or employees without security clearance
• Physically secure network access points – i.e. employee workstations, WiFi outlets. If you allow guests to use your company WiFi, make sure they have no access to your inner network and that your router and other devices are password protected
• Conduct employee background checks – it is important to take potential insider threats into account as your own employees can pose the biggest threat to your company’s data
• Educate your employees on the risks of cyber threats and proper habits/best practices to keeping not only the company’s data out of harm’s way, but their own sensitive data – make sure they know who to contact in case they suspect a security breach while at work or on work computers
• Configure and maintain firewall and anti-virus protection – and always keep it up-to-date; also a good idea to limit and filter out questionable websites which could be havens for dangerous malware
• All communications should be encrypted and monitored, including traffic monitoring which can detect suspicious network activity
• Maintain redundant connections for critical systems, so your network can continue to run if your security is compromised
• Establish regular backups and store them in a secure manner – preferably in an inaccessible location separate from your main network

These steps help create a security perimeter and safeguard your data from such attacks as malware, ransomware and other external breaches. Protecting your business’s data is just all-around good business as your customers are at risk when your business is hacked or has a security breach. Creating a culture of privacy is a win-win for all – except the hackers! And that’s fine with us!

certifications 2020

American Society of Safety Professionals View Workplace Safety & Health Company, Inc. profile on Ariba Discovery
Go to top