The year 2020 was challenging as we were grappling with the Covid-19 pandemic. Fast forward to 2021, the world population can heave a sigh of relief with the rapid development and mass production of vaccines due to technological advancement in medical science.

Organisations worldwide and their staff resorted to working from home to minimise exposure to the outside environment and reduce the level of infection from the coronavirus. This resulted in the extensive usage of digital tools and wireless infrastructure to enable connectivity over the Internet and allow employees to communicate and perform daily tasks at home, instead of in their workplaces.

During prolonged periods of lockdowns in most countries, hackers seized the opportunity to illegally access the computer systems of businesses and individuals. In the process, they stole vast amounts of money, electronic data for their own gains.

These unscrupulous individuals are getting bolder in their unlawful activities. One of the hacker groups known as ‘Anonymous Malaysia’ even issued a warning in late January this year that it will launch cyberattacks on the defence system and government websites in Malaysia. The police force has opened an investigation into this matter.

National cybersecurity specialist agency CyberSecurity Malaysia reported a staggering 82.5% increase in cybersecurity cases during the first Movement Control Order (MCO) period that started in March 2020, most of which involved fraud, intrusion and cyberharassment.

Time and again, Maybank continues to advise its banking clients about a fake Maybank2u website that is being used by scammers for phishing attacks.

What can we learn from these cyberattacks and security breaches? How can we safeguard our networks, laptop equipment, bank accounts, corporate and personal data from potential cyberthreats? What is cybersecurity culture? How can we manage it and change the behaviour of employees?

The three pillars of training, awareness, and communication are vital when implementing a cybersecurity culture. Employees play a key role, apart from technical cybersecurity solutions. This leads to security awareness, which deals with the training of human behaviour.

A strong security culture facilitates workflow processes. Employees know what threats there are, how they work, and how to counteract them. Current and potential future dangers are identified and integrated into the organisational culture. This integration enables an organisation to better prepare for the unpredictable, proactively avoid or at least reduce damage, and pursue forward-looking development.

It is important to adapt the culture of security in a company so that the employees internalise and live the correct behaviour. Cooperation amongst employees in making security culture part of their work responsibility will increase the protection level and reduce the risk of cyberattacks.

Cybersecurity culture in the workplace goes beyond telling your employees to change their passwords regularly. Your organisation needs to strengthen its security culture. Spend more time explaining and raising awareness about possible scenarios of cyber risks, enforcing cybersecurity procedures that will assimilate easily with daily work routines and practices, as well as showing how employee behaviour can help or hinder the entire organisation’s structure, from solutions and products to third-party vendors.

Creating sustainable cybersecurity awareness training involve:

• Have a strong password policy and limit access to data systems and software;
• Develop engaging and interactive cybersecurity training;
• Use of metrics to track progress post-training;
• Make it easy for employees to report threats.

Having a strong and resilient cybersecurity culture will protect the organization against cyber threats and possible data breaches.

One of the major issues businesses need to take care of is their bring-your-own-device (BYOD) policies, which can boost workplace productivity on multiple levels. Employees will perform daily tasks faster by using the devices they are accustomed to. However, BYOD is risky because it relies on the responsibility of employees and their ability to recognise online security issues and act on them. When using private devices, employees are more likely to access unauthorised websites, download files from personal inboxes, and click on social media and e-mail links.

Employee training should be mandatory as it is a critical aspect of preventing human error and minimising cyberattacks. Focus on the common cybersecurity threats that may target your organisation. Phishing, undoubtedly, remains the major risk since it relies on employees’ inability to recognise spam from regular content.

Comprehensive cybersecurity policies outline your company’s assets you will need to protect, the major online threats to these assets, and key rules for mitigating these risks. It should explain how sensitive data should be stored and shared, as well as what channels and materials employees should use.

Important factors to consider are:

• Teach employees about the importance of strong passwords and use of technology;
• Emphasise e-mail security measures;
• Explain how to deal with sensitive data;
• Set strict social media rules.

New Horizons is the authorised learning partner to the top technology providers, offering an array of courses ranging from Cybersecurity and Big Data to Productivity and Programming. These programmes have been specifically designed to cater to the training requirements of businesses and individuals.

We have certified more than 30 million individuals over the past 35 years with industry-leading technical training. Kindly visit www.newhorizons.my to find out more about our Industry 4.0 certification and experience our online learning and development solutions.