Eric Mensah, head of technical operations at e-Crime Bureau, a Ghanaian private cyber security and digital forensics company, has reiterated the need for organisations to train their staff in basic security awareness in the quest to ensure safety and cyber-hygiene.
He said many organisations are likely to think of staff as last on the list in their attempts to protect themselves from cyber-attacks. However, cyber-ignorance on the part of staff, especially non-technical staff, could give cyber criminals a way into the organisation’s system.
Speaking to the B&FT on how businesses and individuals can ensure digital security in this current dispensation when there’s an increase in cyber-related crime, he advised that organisations must equip all staff – adding that training could even help technical staff to configure systems in order to identify cyber-attacks and prevent them.
He noted that most businesses and individuals have resorted to the use of technologies in both business operations and daily lives without adopting and enforcing corresponding security protocols, a situation that is leading to an increased rate of cybercrime incidents in the country.
He also said cyber-attacks are likely to increase due to digitalisation of business transactions and personal interactions, and urged that proactive measures be put in place to protect organisational assets.
Safety for businesses
To reduce or protect an organisation’s assets from cyber-attacks, he said: “It is advisable that institutions use frameworks such as Payment Card Industry and Data Security Standard (PCI-DSS) and ISO27001 to protect their information and themselves. These internal standard frameworks will help harden the institution’s Information Technology (IT) asset or infrastructure”.
He added that in this era when some workers perform their duties from home via the Internet, spelling out procedures which guide working protocols could help minimise cybercrimes.
“Organisations must develop and enforce adherence to policies and standard operating procedures, especially work-from-home protocols. For instance, there could be a policy cautioning staff not to connect with any public Wi-Fi unless it is a dedicated Wi-Fi provided by the organisation.
“In addition, with the increasing threat of insider engagement in cyber-criminality, institutions are encouraged to have some procedures in order to identify employees who have malicious intent and a tendency to commit cybercrime – or even engage with external perpetrators to commit cyber-attacks,” he said.
Safety for individuals
On the individual level, he advised that individuals verify emails and even social media links before opening them.
Mr. Mensah explained that, oftentimes, links either have malicious factors embedded in them or direct you to other malicious pages which can give access to your credentials.
“Similarly, all removable devices are to be scanned before opening. There could be malware on the pen-drive or any external hard drive; so before you open it on your machine, scan them first with antivirus or antimalware software to assure yourself that they are clean before you open.
“Individuals can also password their devices and documents to protect them from unauthorised access. For every important and confidential document, one can use an encryption tool to encrypt those documents,” he added.