In 2022, the UK Information Commissioner's Office (ICO) mandated that all employees must receive cyber security awareness training before being granted access to any data. This is because the biggest cyber risk businesses face is not from hackers outside the company, but from complacency within it. As a result, the ICO also recommended that businesses prioritise ongoing staff training.
Given the record high number of cyber attacks in the UK last year, it is essential for every business to prioritise cyber resilience. Here are some practical steps to strengthen cyber security and to keep it front of mind for all employees:
- Include cyber security in the staff induction process: The National Cyber Security Centre (NCSC) has launched a free online cyber security training course, called Cyber Aware, for all staff to learn how to recognise and prevent phishing attacks, create strong passwords, and protect personal data. You can take a look here: https://www.ncsc.gov.uk/blog-post/ncsc-cyber-security-training-for-staff-now-available
- Strengthen passwords: The NCSC recommends using three random words as a password, for example "FrozenStrawberryYogurt", which is long enough to deter hackers but easy for users to remember. It is also important for employees to use a unique password for each account and to enable two-factor authentication for additional security. Want to know more about the logic behind this recommendation? https://www.ncsc.gov.uk/blog-post/the-logic-behind-three-random-words. While three random words can be a strong and secure method, it is still a good idea to add complexity by including numbers and special characters. This further increases the time it takes for a password to be broken and provides an additional layer of protection. As a general rule, the longer and more complex a password is, the more time it will take to break. It is important to use unique, strong passwords for all of your accounts to help protect yourself against cyber threats. For example, "Fr0zen$trawberryY0ghurt!**" would be far more difficult to crack and, according to https://www.passwordmonster.com, would take approximately 59 thousand years to break.
- Keep systems up to date and backed up: It is important to install updates as soon as they are available, as they often include security patches that help prevent hackers from gaining access. Regularly backing up data also protects against viruses, ransomware attacks, hardware failures, power loss, and human error.
- Provide ongoing training and conduct exercises: The NCSC’s “Exercise in a Box” tool can help organisations practise their response to a cyber attack and test their cyber resilience. It is beneficial for organisations of all sizes and sectors to regularly conduct cyber exercises. You can access it here: https://exerciseinabox.service.ncsc.gov.uk/
- Make cyber security a priority: Everyone in the organisation has a role to play in cyber security. By making it part of the company culture, employees will be more likely to spot attacks, prevent them from succeeding, and respond quickly if one does occur. Don't treat cyber security as a one-time task; cyber attacks are on the rise and every company must be prepared.
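The "time to break" figure quoted in the password step above depends entirely on what the attacker is assumed to know and how fast they can guess. The following Python script is an added example, not code from the original article, the NCSC or any password checker named above; it estimates the search space for the two sample passwords under two assumed attacker models (a naive brute force over the characters used, and an attacker who knows the "three random words" scheme and the word list), at an assumed guessing rate. The word-list size and guess rate are constructed assumptions, chosen only to show how sensitive such estimates are to the model.

```python
import math

# Constructed assumptions for this example (not figures from the article or the NCSC).
WORDLIST_SIZE = 20_000        # plausible size of a word list an attacker might use
GUESSES_PER_SECOND = 1e10     # assumed offline guessing rate against a fast hash
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(password: str) -> int:
    """Size of the alphabet implied by the character classes present in the password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # printable ASCII punctuation and symbols
    return size


def brute_force_bits(password: str) -> float:
    """Bits of search space if the attacker tries every string of this length over that alphabet.

    This is the model most online 'how long to crack' estimators use, and it is the
    most generous one for the defender.
    """
    return len(password) * math.log2(charset_size(password))


def three_words_bits(n_words: int = 3, wordlist_size: int = WORDLIST_SIZE) -> float:
    """Bits of search space if the attacker knows the password is n words from a known list."""
    return n_words * math.log2(wordlist_size)


def years_to_exhaust(bits: float, guesses_per_second: float = GUESSES_PER_SECOND) -> float:
    """Worst-case years to search the whole space at the assumed rate (average case is half)."""
    return (2 ** bits) / guesses_per_second / SECONDS_PER_YEAR


def report(password: str) -> dict:
    """Summarise both estimates for one password so the two attacker models can be compared."""
    naive_bits = brute_force_bits(password)
    scheme_bits = three_words_bits()
    return {
        "length": len(password),
        "charset": charset_size(password),
        "bruteforce_bits": naive_bits,
        "bruteforce_years": years_to_exhaust(naive_bits),
        "known_scheme_bits": scheme_bits,
        "known_scheme_years": years_to_exhaust(scheme_bits),
    }


if __name__ == "__main__":
    # The two sample passwords from the article's password step.
    for pw in ("FrozenStrawberryYogurt", "Fr0zen$trawberryY0ghurt!**"):
        r = report(pw)
        print(f"{pw!r}: length={r['length']} charset={r['charset']}")
        print(f"  brute force over charset : {r['bruteforce_bits']:.1f} bits, "
              f"{r['bruteforce_years']:.3g} years")
        print(f"  attacker knows 3-word scheme: {r['known_scheme_bits']:.1f} bits, "
              f"{r['known_scheme_years']:.3g} years")
```

The point for a defender is that the enormous figures produced by brute-force estimators assume an attacker who knows nothing about how the password was built; against an attacker who guesses word combinations from a list, the three-word form is far smaller, which is why the article's advice to add unique, non-dictionary complexity and to enable two-factor authentication still matters. The script is deliberately simple and ignores substitutions such as "0" for "o", which a real wordlist attack would also try.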
We work with organisations of all sizes to improve their cyber resilience. From consultancy through to managed security services, our team of experts is here to help. Contact us today for help in reducing cyber complacency in your business.