Christmas is coming and it is prime time for being online!
Whether it’s online shopping, streaming Christmas films, sharing on social media or annual Zoom calls and email exchanges with distant relatives, these can pose big issues for SMEs around cybersecurity and productivity.
Are your employees shopping or streaming when they should be working? Or have they been caught out by a dodgy email?
The pandemic has blurred the lines between home and workplace. The same could be said for technology too.
The news is awash with statistics about cybersecurity and one study has shown that 51% of SME businesses in the UK have experienced a cybersecurity breach.
Some of the main terminology around cybersecurity threats to SMEs include:
- Malware attacks – a cyber-attack that executes unauthorised actions on the victim’s system, usually deployed through ransomware, viruses, or phishing.
- Phishing attacks – these often occur via email with the intent of stealing information like credit card or bank details, passwords, or other sensitive information when criminals pose as reputable firms or people.
- Ransomware attacks – these involve a company’s important information being held for ransom. This could include passwords, personal information, files, databases, applications, and other valuable assets. A ransom usually must be paid within a certain time period, or the files are lost or shared publicly.
- Viruses – these are designed to harm your IT infrastructure. For example, damaging programs, harming, or deleting files, or slowing down a computer.
- Weak passwords – passwords such as “123456” or “password” can be easily guessed by cybercriminals. Other examples of weak passwords are those relating to personal information like birthdays or the name of pets.
- Insider threats – these are risks caused by the actions of employees, former employees, contractors, or associates who exploit their access to critical data about your company to do you harm.
As people are spending more time working remotely and offsite the risk for SMEs are enhanced.
According to Grant Thornton Ireland, the cost of cybercrime to the Irish economy is estimated at €9.6 billion. The May 2021 cyber-attack on the Health Service Executive (HSE) system has been estimated to have cost an approximate €101 million alone.
Outside of the workplace, your business equipment is likely to be more vulnerable anyway. For example, employees connecting to unsecured Wi-Fi networks could leave confidential information exposed to potential threats; or losing equipment when they are out and about.
Since the pandemic, the boundaries between work and home life have merged and, for some, our homes could be considered an extension of the office. This comes with pros and cons for employees and employers alike.
Working from home can leave employers unable to monitor what their employees are doing on company equipment.
Should the temptation to do some online shopping or watch Netflix during the working day be too hard to resist, your team’s productivity will fall. What are you going to do about it?
Due to the lines between home and the workplace becoming blurred, it can also make it harder for employees to switch off out of hours and may affect their well-being.
Some may log on out of hours to send emails or catch up on projects. However, if they were to require assistance with security issues, there could potentially be no one around to help – leaving your business vulnerable.
When in doubt, refer to your policy
As with most aspects of HR, a written policy will help you guide your employees successfully and manage a successful team.
It will set expectations and give you a framework to respond to wrongdoing.
Your policy should include:
- What is deemed as acceptable internet use
- What is deemed as acceptable equipment use
- Details of acceptable personal use of the equipment
- Processes employees should follow if they believe security has been breached
Staff should receive a copy of your policy on use of IT equipment when they join the company, or as and when the policy changes.
Your company culture, levels of autonomy amongst employees and what type of confidential data you hold may all influence the formulation of your policy and how your staff behave.
The HR Dept are here to help
If you’d like to get your IT usage policies and procedures wrapped up this festive season, feel free to reach out to your local HR Dept.
We can help you write a policy or deal with complex disciplinary cases.