Cybercrime in the workplace: what you can do about it

According to the Cisco Cybersecurity Readiness Index 2024, 45 per cent (!) of Swiss companies surveyed were affected by a cyberattack in the last 12 months. Time and again, cases of cybercrime are publicised in the press. Large companies such as Swisscom, ABB and the Neue Zürcher Zeitung NZZ have already been hacked. And the number of unreported cases is high: many companies do not publicise the cases for fear of reputational damage or loss of production and follow the hackers' demands.

Not only companies are targets for cybercrime, but also employees themselves.

As an employee, you are vulnerable:

Phishing attacks are the most common method used by cyber criminals to target employees. This involves sending deceptively real-looking emails that are designed to trick the recipient into clicking on malicious links or disclosing sensitive data. Such messages often appear to come from trustworthy sources, such as IT support or even management.

Another popular form of attack is ransomware, in which hackers encrypt files and only release them against payment of a ransom. Such malware is often introduced to computers by opening infected attachments or downloading malicious software via insecure websites.

The use of private devices or insecure home office networks also harbours risks. Cyber criminals could hack into unsecured Wi-Fi networks or exploit security vulnerabilities on inadequately protected devices.

Here's what you can do as an employee to prevent cybercrime:

Daniel Keller is a cyber security consultant at InfoGuard AG, a Swiss company specialising in protection against cybercrime. He deals with stolen data and insecure passwords on a daily basis. When it comes to combating cybercrime, he prioritises awareness and advises companies and employees to develop an awareness of the issue. ‘If a message gives you a strange gut feeling, then take a step back. First think about whether this could really be the case before you respond,’ he says.

Secure passwords: Use secure and strong passwords. ‘A secure password contains upper and lower case letters, special characters and numbers,’ says expert Daniel Keller. ‘Long passwords are more secure than shorter ones.’

A password manager can help you to manage your passwords securely. And very important: use two-factor authentication whenever possible.

Be careful when opening emails and attachments. Always check that the source is confidential and genuine before opening or downloading an attachment. Be sceptical. If your boss suddenly writes to you in English or asks you to do something that doesn't make any sense, it's probably a scam.

Regular updates and backups: Keep your software up to date. That way, there are no security gaps. If there is an attack despite all precautions, a backup is very helpful.

Use secure networks: Do you work from home or on the road a lot? Then make sure you only access company systems via secure, encrypted Wi-Fi networks.

The role of companies

Companies have a responsibility to protect and support their employees. Investment in secure IT infrastructures is essential. They should also formulate and regularly review clear guidelines on IT security and the handling of sensitive data. It is also important to promote a culture of open communication in which employees can report suspicious activities without fear of repercussions.

Working together against online crime

Cybercrime is a real danger that can have far-reaching consequences for both employees and companies. While technical security measures on the part of the company are important, a large part of the responsibility lies with the employees themselves. A joint, proactive approach is the key to effective defence against the growing threat of cybercrime.