Over 200 L&D pros shared their biggest challenges and investments in learning. Read the full report

Disembodied hands typing on a laptop in a dark room

Avoiding common cyber threats in the workplace

h
Josephine Searles
2020-05-05

There are a number of different cyber threats that you need to be both aware of, and actively trying to prevent in your workplace. These range from the classic phishing calls and emails, to increasingly sophisticated attacks using tools like Artificial Intelligence to bypass company data security systems. 

Luckily, there are a number of effective methods you can employ to reduce the risk of these attacks on your company systems and data.

Social engineering and phishing

This is one of the longest-running forms of cybercrime, and hackers are constantly developing new ways to trick people into revealing sensitive information. Social engineering attacks are reliant on human error, as opposed to badly protected systems and software. 

null

Generally in email form, phishing is the attempt to gain valuable personal information such as bank details, credit card information or system passwords. These scams can be very sophisticated, with information, email addresses and company branding all appearing to be authentic.

Phishing attacks are popular with hackers as they are effective, cheap, and easy to do. With a minimal investment of time and effort, these strategies are low risk but can result in high rewards.

Malware and ransomware

The term malware covers all types of malicious software including viruses, spyware, adware and bots. It’s essentially any kind of software created for the purpose of stealing data or damaging devices and systems.

Ransomware, such as the Petya virus, has the ability to freeze or shut down computers – from a personal device to the servers of an entire organisation. Once this occurs, hackers and cybercriminals can extort money from companies or individuals in return for decrypting the virus and allowing access to devices.

AI and ML driven attacks

While Machine Learning and Artificial Intelligence are both useful tools in the fight against cyber threats, they can also be used against us in more sophisticated attacks. AI can be used as a weapon to breach security systems as it permits a face or voice to be superimposed over another, and this allows a hacker access to previously protected data.

Endpoint attacks

Endpoints are generally end-user devices like PCs, laptops and mobile devices. With the use of cloud-based systems, SaaS providers and enterprise networks on the increase, cybercriminals have larger attack surfaces and more vectors to choose from when bypassing security systems. It’s important to note that attacks will begin at the endpoint, even if this device isn’t the actual target.

Implications of cyber attacks

Cyber attacks are costly events for a number of reasons. Aside from the obvious expenses incurred when repairing your systems and recovering data, you may well be hit with fines and legal costs. On top of this, the time spent rectifying the issue will cause a drop in overall employee productivity, it’s highly likely you will lose customers, and the damage to your company reputation may be irreparable. Recent research shows that cybercrime costs the Australian economy over a billion dollars annually.

How to prevent cyber threats in your workplace

Unfortunately, many companies have experienced the negative effects of serious cyber attacks. The good news is there are a number of ways you can prevent these, including:

  • Ensuring your antivirus programs, firmware and firewalls are up to date
  • Employing a policy of least privilege for your users; this limits the systems and resources available to the minimum required for each particular role 
  • Maintaining a full inventory of all internet-connected devices on your company network, and details of their operating systems
  • Applying security solutions to all devices on your company network - your system is only as strong as your least protected asset
  • Creating an offsite backup of your company data as part of your company disaster recovery plan
  • Ensuring your company systems are up to date, and removing any unused or unsupported software 

It’s vitally important that you have effective data security programs and policies in place to protect your business from cyber threats. This means your company data is secure, along with any sensitive information relating to or belonging to customers and clients.

Take a look at our Go1 Information and Data Security pathway. You'll find courses covering everything you need to keep your systems and information protected, from email etiquette and how to handle sensitive data, to guarding against identity theft, phishing and malware attacks.

For more insights, be sure to subscribe to the Go1 newsletter to stay on top of all the latest L&D trends. Or, you can book a demo today to find out how Go1 can help with your team’s learning needs.

Go1 helps millions of people in thousands of organizations engage in learning that is relevant, effective and inspiring.
Latest stories and insights