Recent BBC reports centred on a 158-year-old company which went under as a result of a cybersecurity breach.
Importantly, the breach in this case was not some kind of high-tech infiltration of the company's systems, but a simple mistake that could be made by any of us. The issue was one employee used weak password which hackers were able to guess. Once in, they encrypted the company's data and locked them out of their own systems.
Using weak passwords or reusing passwords is commonplace and something most people will be guilty of from time to time. However, when it comes to protecting the workplace, employers need to take steps to ensure that their company is protected from these unscrupulous characters.
So, what steps can a company take?
Education
Employers should make sure that employees understand their duties to protect the company's data. Educating employees and workers on cybersecurity can help them to understand the risks of reusing passwords or of using weak passwords.
Password maintenance
One complaint many will have is that we have too many passwords, and if we do not reuse them how can we be expected to remember them? There are numerous ways for employees and workers to track their passwords, it is possible to purchase password management tools which can store passwords so that employees are able to access their passwords securely. These tools can also be used to generate strong passwords of varying lengths.
Companies should also consider setting time limits on passwords, for example, requiring employees and workers to update their passwords, including for their laptops or desktops, periodically. Employers should provide guidance on what they consider acceptable passwords, for example, they must be at least 8 characters and contain a mix of numbers and letters. This guidance can assist an employee or worker in creating stronger passwords.
All expectations and training should apply to anyone working for or with the company. It is not uncommon for companies to use agency workers or contractors. Companies should consider the risks to cybersecurity when using external help and ensure that they take adequate steps to protect themselves.
Conclusion
The above is not an exhaustive list of the steps a company could and should take, but they are steps that every company can take today. Cyberattacks are on the rise and the threat is only likely to get worse. Companies need to act now to protect their future.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
