Cyber Resilience

Cyber Resilience Begins with your People: 6 Key Things to Start With

09/06/2022

As cybersecurity threats continue to evolve rapidly in our digitally dependent and connected world, the same urgency is required in training and equipping your people to recognise cybersecurity warnings and to know the appropriate next steps to take. This in turn allows them to be effective agents at the forefront of closing every digital door left ajar, in a concerted effort to thwart malicious actors from peering into your data systems uninvited.

Here are some ways you can begin the conversation on cyber-preparedness with your people:

1. Teach them about phishing email scams

Phishing emails are a common type of cyber-attack where hackers send spoofed emails that appear to be sent from a legitimate source in an attempt to deceive victims into clicking malicious links or attachments, as well as divulging personal information.

Inform your employees to be on the lookout for some common red flags:

  • The sender's email address does not match the name of the company or organisation they claim to represent;
  • The email contains grammatical errors or unusual language;
  • The email includes a sense of urgency or threatens negative consequences if they do not take action; and
  • The email contains links or attachments they were not expecting.

2. Educate them on the importance of strong passwords

Passwords are often the first line of defence against cyberattacks. Encourage your employees to use strong, unique passwords for all their online accounts, including those associated with your organisation.

Strong passwords are at least eight characters long and include a mix of uppercase and lowercase letters, numbers, and symbols.

3. Ensure that they know not to click on links from unknown sources

Links in emails, social media posts and text messages can be used to deliver malware or redirect users to phishing websites. Teach your employees to hover their cursors over links to see where they are really taking them before committing to clicking on them. 

4. Talk to them about how to spot fake websites

One of the most important things to be aware of is fake websites. These are sites that are designed to look like legitimate businesses, but are actually created for the purpose of scamming or deceiving unsuspecting users.

There are a few key things to look out for when trying to spot a fake website. First, if the URL contains misspellings, it is very likely to be a fake or malicious site. It is important to examine the URL carefully before entering any personal information. Second, the design of the website can be very telling: If it looks unprofessional, almost amateurish, or like it was put together quickly, that is another warning sign. Finally, it is key to be wary of any site that asks for personal information or financial details without first establishing a secure connection.
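The red flags from sections 1, 3 and 4 (a sender address that does not match the claimed organisation, a link whose visible text differs from its real target, and a misspelt domain) can also be checked automatically by a mail filter or a training exercise. The sketch below is an added example, not part of the original article; the brand, the domains, the sample message and the similarity cut-off are all constructed assumptions.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"Example Bank": "example-bank.com"}  # assumption: brand -> real domain
URLISH = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]\S*)?$", re.I)
SAMPLE = '''From: "Example Bank Support" <alerts@examp1e-bank.com>
Content-Type: text/html

<p>Act now.</p><a href="http://examp1e-bank.com/login">https://example-bank.com/login</a>
'''  # constructed message, not a real capture

class Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.found.append((self._href, "".join(self._text).strip()))
            self._href = None

def trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED.values())

def red_flags(raw_email):
    """Return the sorted red flags found in a single-part HTML message."""
    msg, flags = message_from_string(raw_email), set()
    name, addr = parseaddr(msg.get("From", ""))
    claims_brand = any(b.lower() in name.lower() for b in TRUSTED)
    if claims_brand and not trusted(addr.rpartition("@")[2].lower()):
        flags.add("sender_domain_mismatch")  # name says the brand, address does not
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.found:
        host = (urlparse(href).hostname or "").lower()
        if (shown := URLISH.match(text)) and shown.group(1).lower() != host:
            flags.add("link_text_differs_from_target")  # what hovering reveals
        near = difflib.get_close_matches(host, list(TRUSTED.values()), cutoff=0.85)
        if near and not trusted(host):
            flags.add("lookalike_domain")  # near-miss spelling of a real domain
    return sorted(flags)
```

Calling `red_flags(SAMPLE)` reports all three flags for the constructed message, while a message sent from a subdomain of the trusted domain with ordinary link text reports none.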

5. Encourage them to keep computers/devices and software up-to-date

Outdated software is one of the most common cybersecurity vulnerabilities. Software updates often provide security patches to remedy exposed entry points into your organisational data systems. Failing to bring the software you use ‘up to speed’ with the latest safeguards increases the risk of exposure to intrusions and data breaches.

Encourage your employees to keep all software up-to-date, including operating systems, applications and firmware, and to install updates as soon as they become available. Consider configuring software updates to install automatically and creating a process for quickly patching critical vulnerabilities.

6. Design a cybersecurity policy for organisation-wide adherence

A cybersecurity policy is a set of guidelines and procedures for protecting an organisation's electronic information and systems from attack. It includes measures for preventing, detecting and responding to cybersecurity incidents, and should be reviewed and updated regularly in response to changes in technology, business practices and the threat landscape.

Ensuring that your people are aware of the steps they can, and need to, take in the event of a data breach or cyberattack can provide critical assurance that swift remedial action will follow.

The following are key components you may consider including in your organisation’s cybersecurity policy:

  • Access Control: Measures to restrict access to systems and data to authorised users only.
  • Asset Management: Identification and classification of important information and systems, and assignment of responsibility for their protection.
  • Data Security: Measures to protect data from unauthorised access, use, disclosure, destruction or modification.
  • Risk Assessment: Regular evaluation of your organisation’s cybersecurity risks.
  • Incident Response: Procedures for detecting, responding to and reporting cybersecurity incidents.
  • Awareness and Training: Programs designed to educate employees about cybersecurity risks and how they can protect the organisation’s information and systems.

It is also important to note that businesses should consult with cybersecurity experts when developing their policies to ensure that they are comprehensive and effective.

The preservation of the integrity of organisational data systems is a shared responsibility. Continuing the conversation and providing resources to educate your people on the latest cybersecurity threats and how to avoid them must therefore be maintained as a key priority for your organisation’s leadership and Chief Information Security Officer, or CISO.

Comprehensive Security Awareness and Training

We can help equip your organisation for long-term cyber-vigilance and preparedness

Connect with us

Adeline Ng
Partner
Audit
Chia Shu Siang
Director
Risk Advisory
Alvin Neo
Director
Technology