They say that a team is only as strong as it’s weakest link. This is especially true when it comes to cybersecurity. The problem is that in this case, often the weakest link isn’t the technology itself; it’s the employees. So what can be done? If it was a technology problem, we could fix it by upgrading or adding another level of security. (Or just call the IT guy and have him do some of his computer-jedi magic, right?) Since this isn’t an option, employee education on proper use of company technology is vital. This can help bypass up to 19% of data breaches that could have been avoided with good training.
So what can you do? Here are five things to make sure your employees know to keep your company safe. As suggested by DirectPointe 7, Inc CEO, James Martinos.
Hackers commonly utilize what is called social engineering to procure usernames and passwords needed to steal important information. They do this by pretending to be, let’s say, your IT organization. Additionally, they might ask for information on usernames or passwords to improve company security. And your employees will fall for it. Just like that the hacker has all he needs to steal your valuable and confidential company information. However, by educating your employees and establishing a company-wide protocol for official requests of sensitive data, this can be avoided.
Learn to recognize cyber attacks:
Attacks come in all shapes and sizes and you might wonder why it’s important to teach your employees to recognize them. When scammers receive the information they are looking for they can access your devices to install harmful malware and view sensitive company data. Here are some common attack markers that should raise suspicion:
1. Firstly, emails from anyone, even a well-known contact, that ask for a significant amount of money. These emails play on the altruism of the recipient.
2. Secondly, urgent messages that include phrases such as “You must act now!” or “Don’t lose a second, only available today!”
3. Thirdly, promises for huge profits in a small amount of time. It’s best to remember that if it seems too good to be true it probably is.
4. Lastly, Offers to share exclusive or confidential information that you can’t find anywhere else.
Don’t worry; you’re not alone in the fight against cyber attacks. Because there are filter programs available for use to protect your employees from receiving this type of message in their inbox. We recommend you take a look at this website to find one that fits your company’s needs. DirectPointe is also equipped to offer consulting services in this area.
Creating strong passwords (and storing them correctly) is critically important to online security. You can learn more about how to manage your employee’s passwords in our article First Line of Defense: A Strong Password.
See it, report it:
Equally as important as strong passwords and scam recognition is teaching employees to report all cybersecurity threats they notice. Whether an employee makes a personal error or witnesses the same from a coworker, it is important that they are willing to report it to minimize damage. As an executive or manager, you can facilitate this process by providing an online form (like a Google Doc survey) that would allow employees to report issues quickly and with minimal hassle.
Monitor personal security settings:
Finally, it is important to encourage employees to keep their social media and other accounts as private as possible. This minimizes the amount of personal information that can be found on the web about them. As a result there is less of a chance your employees will be targets of phishing attacks. The end result is that there is less margin for error in your employee’s scam identifying abilities.
These are just five things to teach employees about in order to increase their cybersecurity literacy. But there is more you can do. One is to hold regular employee training seminars to update employees on changes in policy. Here you can ask for input and educate them on things to be watching out for. And remember, it’s okay to test employees on the information they are learning in these seminars. For example, you can conduct a quick follow-up quiz allowing them to pass off the training and sign the company policy with any new changes.
Finally, it might be time to update your company’s acceptable use policy. This is a document that outlines the expectations for computer use by employees. Can they access personal accounts and social media on work devices? What can they download and store on company computers? All employees should be aware of and sign this document.
DirectPointe specializes in developing and implementing technology that works for your business as well as consulting on how to strategically plan IT and security that matches your potential for growth. Want more time to focus on your core business? We can help with that. For more tips on how to stay on top of company internet security, follow us on Facebook and Twitter.