A majority of the security breaches we have heard of recently were triggered by the unpredictable behavior of an organization’s greatest asset: its employees. Whilst security veterans are working tirelessly to come up with strategies to mitigate these risks, do you know which typical employee behaviors generally lead to these incidents?
Here we list some of the common scenarios so you can start arresting the behavior before it leads to a security issue.
1. Opening malicious emails
As cyber criminals have become more advanced and creative in carrying out these attacks, phishing has also become a lot harder for an untrained eye to detect. Apart from educating your people, there are some other recommendations to keep these cyber threats at bay. One of them is Application Whitelisting, where you identify a list of trusted and approved applications that can run on your network. Once it is enabled, even if a staff member clicks a malicious link, something like a keylogger wouldn’t be able to run on their PC, which can potentially save you from a major security breach.
2. Weak passwords
Educate your internal employees about the importance of keeping their passwords safe and using complex ones that are hard to guess. Implement policies that enforce passwords that combine numbers, special characters and different letter cases. You can even include in your policy a requirement to change passwords every 45 to 90 days and a ban on reusing previously used passwords. It may annoy some users, but will surely work for the business.
Office 365 supports multi-factor authentication (MFA), such as requiring a user to approve their login on their phone. That way it doesn’t matter how weak their password is or if it expires or not. The only way anyone can log in using that user’s credentials is if they approve it through MFA.
3. Not backing up corporate data
You can reduce the impact of a cyber intrusion by educating your staff on storage locations that get backed up, which will then help you recover quickly from an incident. Existing Office 365 subscribers have the option to back up their files in the Cloud using OneDrive for Business or use the more advanced means through Microsoft Azure.
Our staffing software, 1Staff Front Office, is built on Microsoft Dynamics 365, and therefore has a very easy-to-use backup system that automatically creates daily backups of production environments that are good for 4 weeks. There is also the option to do a manual backup at any time.
4. Poor BYOD (Bring your own device) management
Since 1Staff Front Office is built on the Microsoft Dynamics 365 platform, all of its components are accessed using a browser, which means no software installs and no device dependencies. Microsoft has heavily invested in technologies that help you find the right balance between productivity and security. Office 365 subscribers can utilize BitLocker to encrypt Windows devices or turn on Data Loss Prevention (DLP) and Information Rights Management (IRM) for better protection of your sensitive data.
For more advanced threat protection, there’s Microsoft Enterprise Mobility + Security (EMS), a device-management and virtual-identity management suite that provides you with all the tools you need to administer, provision and secure the devices that you use in your organization.
5. Ex-employees leaking data
Access to 1Staff Front Office is controlled by the Microsoft Azure AD or ADFS identity provider, so removing the user from your identity pool removes their access to 1Staff Front Office as well.
Fix their bad habits
How do you address these habits that put your business at risk? You can begin by building a cyber-safe culture, starting with the senior leadership team. Without management support, getting employees on board with your security initiatives is likely to be an uphill battle. Follow it through by delivering regular communication and learning sessions to help them better understand risks and the roles they play in protecting the business from cyber threats.
Do you have the right IT security strategies in place?
As employees will always play a role in your overall security, in addition to user education, you should also focus on building a long-term security-focused IT strategy. Professional Advantage recommends the following Essential Eight Strategies as a baseline:
- Application Whitelisting
- Application Patching
- Operating System Patching
- Restriction of Administrative Privileges
- Configuration of Office Macros
- User Application Hardening
- Multi-factor Authentication
- Review Backups
Implementing the Essential Eight will significantly reduce the risk of adversaries trying to compromise your business systems. Furthermore, implementing the Essential Eight proactively can be more cost-effective in terms of time, money and effort than having to respond to a successful large-scale cyber security incident.
If you are not confident about your existing cyber security strategy, Professional Advantage can assist. We provide Essential Eight Strategies, risk assessments, and network and vulnerability scan services. Get in touch if you would like to know more about how Professional Advantage can safeguard your staffing business data.