Did you know that 90% of security breaches occur via phishing attacks on company employees? With the lion’s share of business cyber-attacks achieved through compromised emails, employees are firmly on the frontline when it comes to defending an organisation from cyber infiltration.

It’s absolutely critical to ensure that as an employee, you’re aware, educated and following the correct cyber protocols at all times, whether working on-site or from any remote location. It only takes one error to expose your entire organisation - and the damage can be catastrophic.

Below, five of CGI’s cyber-security experts are sharing how we keep CGI safe from cyber-attacks, and offering tips for any employees who need to remain cyber-smart and responsible wherever they are.

How can employees empower themselves to step up and stay cyber smart to protect their organisation?

Michelle Hinneberg, Senior Security Consultant

Increase your awareness of your company’s security policies and remain vigilant in applying them whether you’re working from home or the office. Also, if you are aware of a security incident (for example, an email sent to an incorrect recipient or theft of a company asset), you should always report the incident promptly.

At CGI, if someone isn’t 100% certain if something is permitted, they always check. No one takes a risk. Our members are told to reach out to the appropriate contact at any time, to seek clarification or advice on anything they’re not sure of.

 

Paul Englund, Director Consulting Services

Security is the responsibility of each employee in an organisation and we must all own the role of staying cyber smart. Our security vigilance must apply each and every day when undertaking our daily work, regardless of our location. The basics apply no matter where we are working from.

Phishing is a common way for attackers to gain access to a network, and from there they navigate across the network and into an organisation’s systems to gain unauthorised access. Therefore, don’t click on links from emails unless you can verify the source and always check the link address before clicking on it. If you don’t recognise it or it looks suspicious, don’t click on it at all.

Passwords are another area to be vigilant with. Don’t store passwords in clear text (i.e. you should use an encrypted password vault if you must store passwords), and apply complexity to your passwords so that they can’t be worked out by threat actors.

Finally, if unsure of anything at all, consult your organisation’s security team or security awareness training for tips, policies and procedures and a guide to staying cyber smart.

 

Vivek Kumar, Senior Security Analyst

The best way to mitigate cyber threats is to adopt evolving technology, make yourself aware of best practices, and have a certain degree of autonomy and responsibility for decision-making in your daily work.

Protect yourself from social engineering tactics and becoming a victim of identity theft by learning how to protect yourself from different online fraud methodologies. This includes focusing on upskilling yourself on new cloud and IoT device technology, to gain more insight into protecting yourself in a more efficient way.

 

Craig Brown, Director Consulting Services, Security

Firstly, being cyber smart means always being aware of what you’re clicking on - and if something seems odd, like an email asking you for any of your details, you should always be questioning it.

One of the most problematic areas is passwords. A common problem is people using the same password on public sites (like LinkedIn) and their corporate systems. Hackers use a technique called password spraying where they will get a known password from a breached site, and try the email address, username, and password across every other known social media site, and corporate site.

In fact, did you know that LinkedIn was breached in 2012 and your email and password were stolen? Check out Have I Been Pwned to see if your email has been compromised in a data breach.

Also, don’t use your personal details as a password. Take a look at this video of how easy it is to hack people’s passwords: “What is Your Password?” on YouTube.

Finally, most people can’t remember multiple passwords, so the best thing to do is use a secure password vault. That way, you can have different passwords across every site while only needing to remember one password.

Another common cyber security issue to mention is the use of corporate email addresses for social media sites. At CGI, this is a breach of our policy as it puts the company at risk. You should use personal email addresses only for anything not completely related to your work.

 

Keith Clough, Associate Security Analyst

Employees are the first line of defence when it comes to cyber threats as 90% of breaches occur through phishing attacks. That is, a user will receive an email that pretends to come from a trusted source and entices the user to click on a link, install malicious software or disclose sensitive information or account credentials. This can lead to all types of attacks on your company, such as ransomware demands and malware attacks. They do a great deal of damage, from financial to reputational.

The lesson is, don’t click on any link that looks suspicious and always report them to your manager or IT department. It’s better to be safe than sorry.

Today, most companies offer Cyber Awareness training - but if yours doesn’t, you should suggest that they do. Make sure you learn as much as you can from your training, and follow the advice these courses offer.

If you are after good, reliable information regarding the cyber threat landscape, visit the Australian Government's website https://www.cyber.gov.au. They have information covering everyone from individuals to large organisations.

As an employee, it’s up to you to be vigilant in your cyber security practices, ensure you’re aware of company policies and procedures, and play your part in protecting your company. Don’t allow yourself to become responsible for a devastating attack on your organisation - unfortunately it’s all too easy if you don’t follow the right advice.

If you’d like to find out more about working with our great team of Cybersecurity experts, check out our Security Careers page.