IT security and cyber safety tips for employees

The 7th of February marks Safer Internet Day, and in today’s high-tech climate, organisations need to protect themselves from cybercrime and comply with data protection and IT security legislation. Although Safer Internet Day’s focus is on students and young people, it’s an excellent opportunity for Irish organisations to increase cyber awareness in the workplace.

Cybercriminals have developed a range of tactics to infiltrate organisations – and organisations without an effective IT security strategy can be susceptible to hacking, fraud and loss of customer data. Insecure networks, untrained employees lacking cyber awareness, and poor IT security policies can lead to non-compliance with regulations such as GDPR, resulting in hefty fines and the potential for significant reputational damage.


Employees are often the weak link in IT security – 95% of cyber security violations, including those involving phishing emails, malware and ransomware, result from human error. A holistic approach to cyber security awareness can help reduce the risk of cyber attacks.

Implementing an information security management system and obtaining certification in standards such as ISO 27001 and Cyber Essentials can provide a robust framework through a process-based approach to monitoring and improving IT security.


IT security – 8 cyber safety tips for employees

1. Lead by example

Cybersecurity requires organisational leadership to model excellent cybersecurity behaviours and foster a culture of IT security across sites, departments, teams and individuals. Senior leaders should lead by example, communicating with employees about maintaining cyber security awareness. Leaders should actively support employee training, provide an open-door policy for reporting security concerns, and enforce, monitor and report on cyber security metrics.

While a dedicated IT security role within an organisation is helpful, ensuring that employees are clear on responsibilities and tasks, with leaders accountable for their actions, can help embed good IT security practices.

2. Implement IT security training

Cybercriminals constantly discover new ways to break into networks, so staff security training should be conducted regularly and kept up to date. Organisations should train all their employees in how to spot common security issues and scams, such as phishing emails, and what to do if they spot a problem.

Ensure that training is recorded and updated with new threats, with employees undergoing refresher training annually.

3. Create a culture of cyber security

Employees can view cybersecurity as a distant issue that doesn’t directly affect their day-to-day role. Consider creating a positive culture relating to cyber security, and ensure employees discuss and understand how IT security issues can affect the organisation, customers and their role in the process.

  • Put staff at the heart of all cyber security changes. Encourage employees to be a part of the decision-making process and ask them for regular feedback about which cyber safety techniques are or aren’t working.
  • Demonstrate how day-to-day actions can prevent breaches and the impact if something goes wrong.
  • Use real-world examples to demonstrate how social engineering can play out, such as when Dublin Zoo lost almost €500k after an employee unintentionally opened a phishing email that installed malware. Real-life examples help staff discuss and remember the importance of cyber security.

4. Make cyber awareness training engaging

Make training fun and lightly competitive; for example, send mock phishing emails to see whether staff can spot them, and reward those who do. Team exercises like this have a positive effect on employees and help them retain important information.


5. Ensure clear communications

Ensure employees know how to report potential cyber security issues. Managers should provide clear directions on where to report social engineering attacks. Consider using organisation-wide screensavers and desk drops with information on how to report a problem. Use tools such as a dedicated phishing mailbox, monitored by the IT security team, to which employees can forward suspected phishing emails.

Reward employees who spot and flag security issues and encourage employees to err on the side of safety.

6. Regularly change passwords

Passwords like “12345” or “qwerty” are used by millions of people globally and are easily guessed by cybercriminals. Passwords based on children’s or pets’ names are also commonplace and can be easily deduced from an employee’s social media profiles.

Encourage staff to use hard-to-guess passwords and enact regular password changes.

Creating a secure password is important to protect your online accounts from hackers. Here are some tips for creating a strong password:

  • Ensure employee passwords are at least 8 characters long.
  • Avoid using easily guessed words like “password” or your name.
  • Use a mix of letters, numbers, and symbols in passwords.
  • Avoid using the same password for all of your accounts.
  • Enforce a password policy of regularly changing passwords.
  • Consider 2FA (two-factor authentication), where an employee must enter a code sent to a device such as a mobile phone in addition to their password.

7. Establish a no-blame culture

Employees may feel embarrassed or anxious reporting unusual behaviour or activity that could be part of a cyber attack, such as downloading malware or falling victim to a phishing email. Employees may worry about the repercussions of blame from management and colleagues if they are held responsible for the problem.

To establish a no-blame culture around IT security, it is important to ensure everyone understands that mistakes are part of the learning process. Employees should be encouraged to learn from their mistakes and to see them as an opportunity for growth.

Creating an environment where employees feel safe to speak up and flag issues is essential to IT security.

8. Encourage robust IT security when working from home

In the aftermath of the pandemic, more people are working hybrid or remotely, which can reduce the robustness of an organisation’s IT security.

As part of training and risk assessments, assess employees’ home security set-ups, from home router firewalls and passwords through to whether other household members have access to work laptops and mobile devices. Consider 2FA for logging onto systems remotely, or deploy a virtual private network (VPN) to control network access.

Make clear to employees that activity on work equipment, such as personal web browsing on organisation laptops, is monitored, and set out in the employee handbook the processes and penalties that apply to breaches of IT security rules.
