Your employees play a key role in securing your computers and networks, which is why you need to train your staff in cyber security.
As the old adage goes, the best offence is a good defence, and never has that been more appropriate than in the world of cyber security. But the defences of many businesses have a fundamental flaw built into them, and that’s the people. You see, most business owners think that preventing cyber attacks starts with implementing high-end security technology, like DDoS protection, anti-malware tools, web filtering, firewalls and even intrusion detection systems. But the truth is, the best security technologies in the world can’t protect your business data if your employees aren’t part of the solution.
Software
A simple thing, but you would be amazed how many employees don’t have a clue what they are allowed to download and install onto their work machines. Because downloading software is a process fraught with risk (for businesses in particular), with rogue links and malware downloads always waiting, you need to make sure everyone knows what they are allowed to have and how they should go about it. When in doubt, have them contact your IT department for permission to download a new program, and to have the source checked beforehand.
Password Practices
Work passwords are child’s play for the experienced hacker, because so many businesses have ‘set’ passwords, or they keep the same passwords for long periods of time. Implement a policy that requires all passwords to be changed every 45 to 90 days, and include within that the need for numbers and characters. Educate your employees on the importance of complex passwords in security, and teach them never to reuse the same password with a different number on the end (something many are guilty of).
Backups
Ensure you have implemented an effective backup system, not only for your main servers, but your employee machines and corporate data as well. Make sure your employees understand that solution, including if they can only recover deleted information for a certain amount of time, to avoid data loss issues. This way if they accidentally delete an important file (it happens more often than you’d think), they know they can just contact IT and recover it, instead of panicking and potentially losing that data forever.
Spam And Phishing Education
One of the biggest methods of infiltration for businesses is through spam or phishing emails. Just one click from a work machine means that malware can spread through the entire network, allowing hackers to do as they please. Educate your employees on the issues, including suspicious links and convincing emails. Teach them to hover over links before they click, and to never click on suspicious links in emails, ads or social media posts. Tell them that if they aren’t sure, they shouldn’t click. Make sure you have regular refresher training on this issue.
Ongoing Updates
This flows on quite nicely from the previous point. After your initial training, make sure you keep your employees in the loop about any known issues or scams doing the rounds, so they avoid being caught up in them. If you hear of a new phishing email going around (like the Google Docs one recently), let people know, and explain how to deal with it if they receive it. Ongoing training and updates help your employees know what to look for, and how to keep your data safe and secure.