You are in
Get the best business global roaming packages, starting from 16.500 BD/week
Bahrain's fastest 5G broadband delivered in one day, starting from 11 BD/month
Get a special 77xx xxxx number with stc one Badala
Drive business growth with Microsoft 365, starting from 2.5 BD/month
Phishing attempts are on the rise, safeguard your business with Web Protect
Stay protected with Office Insurance, your comprehensive one-stop cover against unexpected events
Can’t find what you are looking for? View all FAQs
2020 has been something of a pivotal year for cyber security. As the pandemic took hold, businesses scrambled to a work from home model; the lens on cyber security focused elsewhere as employees grappled with a different silent risk entirely.
As we all entered a new normal of remote working, social distancing, and Video calls, cyber attacks flooded businesses across a multitude of industries, using the pandemic itself as “bait [...] impersonating brands and misleading employees and customers” (Deloitte). As businesses dropped their defences, phishing attacks spiked - sometimes at a cost of millions. As nation after nation locked down, cybercriminals continued to capitalize on the crisis with malicious corona and COVID-19 domains. In April alone, Google found more than 18 million daily malware and phishing emails related to the coronavirus - all this in addition to a perceived opportunity by cybercriminals to attack whilst our collective gaze rested elsewhere.
The risk of a cyber security attack has never been more prevalent - and with it, the need for a cyber security mindset becomes increasingly imperative. Previous attempts have been made to foster a ‘cautious culture’ in the workplace, usually in the form of a scare campaign from the top down - leading to employees deleting emails and avoiding apps - or a mandatory programme undertaken during induction; once completed, never repeated.
Rather than learning about, communicating, or reporting potential cyber security threats, the vast majority of employees are left unchecked; their attitude, beliefs and practices differing from one employee to the next. So how do you build a cyber security mindset - and a human firewall - to protect your business?
Aiming for a thorough education on cyber security - the different types of attacks and how they may appear, a clear understanding of malware, ransomware, phishing, APT and DoS - might sound like the perfect solution, but we live in the real world.
In order to foster a permanent culture with a retained ‘cyber security mindset’, awareness must be promoted and present in all day-to-day operations; not as a fear campaign, but as a part of working in the modern and digital sphere. Proactively enlightening all staff with regular training (over a one-time tickbox exercise during employee tenure) will not only guarantee progress, but empower end users as individuals to report any potential attempts.
Aiming for progress over perfection takes the sting out of cyber security awareness scare tactics, fostering a culture of natural caution without fear of blame or repercussive action. If you don’t have them already, pinpoint leaders within the business to promote regular reminders that are short, sweet and simple to understand, with the ability to resonate with different employees. Lastly, invest in a good cyber security course, make it mandatory and review annually to ensure your human firewall are consistently up to standard. Look for courses with interactive modules and games - think I Spy with spyware - to engage, enlighten and empower employees, rather than the outdated classroom-test-tickbox approach.
Instead of placing onus or blame on employees should they fall foul of an ever sophisticated cyber threat, shift the focus to raising awareness, communicating with the wider team and reporting any suspected attempt as quickly as possible. In some cases, employee inaction - for example, not engaging with an attacker via email or leaving a suspicious link unclicked - is unwittingly the best course of action, but leaving an attack unreported does not diminish the threat.
A ‘Share What You See’ approach empowers employees to raise their concerns so that they can be supported and assisted, rather than expected to deal with a potential cyber attack themselves.
Setting up a dedicated mailbox guarded by your cyber security or information technology team is a great way to manage this while so many businesses continue to work remotely - simply ask employees to send an urgent email detailing the attempt and commit to a rapid response within 24 hours.
Ultimately a cyber security mindset must be focused on the ease and convenience of the end user - your employees. Without this, cyber security best practice - such as regularly changing and protecting passwords, is disregarded. This subtle shift in defining values, attitudes and behaviours in the workplace needs to become an unconscious habit; motivating your employees to consistently and proactively prioritise their personal security - and that of the company’s - throughout all online behaviour.
Remote working is here to stay, and with it new cultures and ways of working. Anticipating and adapting to the next normal - be that continuing to work from home or a phased return to the office, or perhaps a mix of remote and office based operations - brings different business challenges to the fore. Businesses should consider the following as a foundation to support their new cyber security mindset:
stc’s Cyber Security packages offer customised services for 24/7 monitoring and reporting, advanced threat protection, and industry standard compliance. When it comes to keeping your business operations secure, we’re right by your side.