Cyberattacks are increasing as information technologies develop. Although private and legal persons respond to these attacks with technology, studies showing that data leaks in organizations mostly originate from employees direct attention to the importance of the "human factor" in cyber security. Employees, who constitute the biggest target in cyberattacks, are mostly targeted through e-mail and social media channels. Therefore, it is vital to build cyber security awareness among employees.
Cyber Security Training of Employees
No matter how advanced the technology that institutions and organizations use against attacks, security measures can be bypassed relatively easily if employees are unaware of how to use the internet securely. To ensure cyber security, a security culture should be created in which the right technologies are used with the right processes and, at least as importantly, all employees are made aware of cyber security.
Information Security Awareness Training for Employees
Attacks on computer systems are not carried out only via the internet. People who come to your office under various titles, such as visitors, cleaners or computer technical support specialists, as well as malicious employees, may also take part in attacks on your systems. Information such as Wi-Fi passwords, computer passwords or credit card details left on the desk or attached to the side of the monitor therefore gives attackers an opportunity. It is crucial that information that could be used in an attack is not left lying around, that valuable documents are not left on work desks, and that the screen is always locked when leaving devices such as computers and phones. Similarly, make sure that nobody can look over your shoulder when you use password and PIN entry screens.
It is as important to protect login information as it is to protect the system. To prevent unauthorized access to the system, all logins must be made with personal usernames and passwords that are assigned individually. That way, if a problem occurs, it is possible to clearly identify and track whose account caused it, which is why shared passwords are dangerous.
Passwords for computers and programs should be chosen from words that cannot be easily guessed. It is recommended to use passwords of at least 8 characters that combine letters, numbers and punctuation marks. These passwords should be memorized; they should not be written down on paper or saved in a computer file.
"Information Security Awareness" training should be given to employees to explain these basic issues. With a few hours of basic training given to all employees, regardless of their duties, employees can also contribute to the safety of the organization. In other words, a few hours spent today can be life-saving for the organization tomorrow.
Combating Malware
Cyberattacks are often carried out through malicious software such as viruses.
Malicious software can infect computers (personal computers and servers) in the following ways:
Combating Phishing
Phishing is a simple but effective attack technique based on sending bait e-mail messages to one or more employees of the organization, who take the bait in the message and behave as the attacker expects.
An 'Annual Salary Increase Plan' attachment that appears to have been sent by mistake could attract many employees. The attached file may contain malware, or a bait link about the salary increase plans may lure employees into clicking.
Phishing attacks may be sent to all employees, or they may target a small number of employees in order not to attract attention. It should not be forgotten that attackers who can infiltrate one computer in an organization can easily gain access to other computers as well.
In this context, when messages of unknown origin or unusual messages are received, they should be forwarded to the organization's cyber security experts without being opened.
Training on the Use of Licensed Products
Since it is important for institutions and organizations to install security software and programs to protect their computers and servers from cyberattacks, they need to make agreements with experienced, expert companies operating in this sector. Systems can be made secure with help and support from these companies, which can also provide personnel training.
It is essential that institutions and employees stay away from unlicensed products. Installing and cracking an unlicensed program can lead to the computer being taken over by ill-intentioned people or crashing!