Most companies are surprised when they get hacked. The truth is, no matter how secure their network is, there is always a way to get in. Believe it or not, many vulnerabilities arise from a lack of employee training. According to a study by Shred-it, more than 40% of reported security breaches are due to employee negligence and lack of training. In that same study, more than 25% of workers revealed that they left their computers on and unlocked at the end of the work day, leaving the company's technology wide open for an invasion.
Employees are barely aware of phishing and social engineering cyber attacks, and are further denied the means to help prevent them. More often than not, costly and disruptive security breaches are caused by bad habits that seemed unimportant at the time. The importance of security training programs should not be underestimated.
New strategies should include limiting access to confidential data to the employees and managers who work specifically with that data. Often an employee is given access to confidential information while working on a specific project. When the project is finished, revoking the employee's additional access is often overlooked.
There are also employees who may be asked to disclose information or who have a grudge against the company. Employee contracts that express the company's legal intention to seek damages in court can help prevent the disclosure of trade secrets. Although such cases are more difficult to detect, a legally established employment contract and a strict security policy that is regularly audited will help fill the security gaps.
Backup and archive are also essential
Backing up the system and archiving old and unused documents may seem like an additional, possibly unnecessary process, but it is essential to have control mechanisms in your security system. In the event that your business is hacked or its data is encrypted for ransom, your backup would save you from disaster. Some software can be automated to back up your system or, better, you can work with a technical team who can determine and implement the solution best suited to your business.
First line of defence - Easy solutions and training
· Make sure all computers and work phones are encrypted, in case they are stolen.
· Servers, switches, routers and modems should be placed in locked rooms with restricted access.
· According to the United Kingdom's National Cyber Security Centre, more than 23 million breached accounts worldwide used the password "12345". Teach your employees to create complex passwords and change them frequently.
· Update your devices regularly so that you have the latest security measures available in each application.
· Make sure no employee uses their work laptop outside the office. Even if it seems harmless, an employee may choose to take their laptop to a cafe. Public Wi-Fi is not secure, leaving the laptop wide open to hackers.
· Do not give external services exclusive access via the login details of an employee or manager. Create a guest login instead and delete the account when the job is finished.
· Schedule professional security audits regularly to uncover and correct any weaknesses that have gone unnoticed.
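Two of the points above, project access that is never revoked and guest accounts that should be deleted when the job is finished, can be checked with a periodic access review. The following is an added example, not part of the original article; the record layout, project names, accounts and dates are constructed assumptions.

```python
from datetime import date

# Constructed sample data (not from the article). A project maps to its end
# date, or None while it is still running.
PROJECTS = {"crm-migration": date(2024, 3, 31), "payroll-audit": None}

# Each grant records who got extra access, to what, and for which project.
# guest=True marks a temporary account created for an external service.
GRANTS = [
    {"account": "alice", "resource": "customer-db", "project": "crm-migration", "guest": False},
    {"account": "bob", "resource": "payroll-share", "project": "payroll-audit", "guest": False},
    {"account": "guest-vendor1", "resource": "crm-admin", "project": "crm-migration", "guest": True},
    {"account": "carol", "resource": "finance-share", "project": "q1-forecast", "guest": False},
]


def review_grants(grants, projects, today):
    """Return (account, resource, action, reason) for every grant to clean up."""
    findings = []
    for g in grants:
        if g["project"] not in projects:
            # No project record means nobody can say when the access should end.
            findings.append((g["account"], g["resource"], "review", "unknown project"))
            continue
        end = projects[g["project"]]
        if end is None or end >= today:
            continue  # project still running: access is still justified
        # Guest accounts are deleted outright; employees only lose the extra access.
        action = "delete account" if g["guest"] else "revoke access"
        days = (today - end).days
        findings.append((g["account"], g["resource"], action, f"project ended {days} days ago"))
    return findings


if __name__ == "__main__":
    for finding in review_grants(GRANTS, PROJECTS, date(2024, 5, 1)):
        print(*finding, sep=" | ")
```

Running a review like this on a schedule turns the "often overlooked" revocation step into a routine report that someone has to act on.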