Companies spend millions of dollars to protect their confidential information and customer data; the reality is that employees shoulder most of the responsibility. The weakest link in the security chain is always the human who looks for shortcuts, can be easily tricked, and sometimes doesn’t take or understand the precautions they should.
This is why it is important that employees help keep the company’s data and systems safe. Most of the rules are common sense, but it’s fundamental that everyone is made aware of the rules and policies – not all employees in a company will have the same experience, so you need to start with the most basic.
- Confirm the identity of everyone who requests information
This is especially useful for receptionists, call-center employees or tech support, human resources, and other professionals whose work requires the handling of personal information. Attackers will take advantage of the naivety and good faith of these workers to get information in the simplest and most obvious of ways: asking for it. They do this by pretending to be providers, customers, or other members of the company who have a legitimate reason to require the information.
It’s very important to teach team members these tactics and to have them make sure that the person on the other end of the phone or email is who they say they are before any information is shared.
- Always keep passwords safe
Employees should protect the personal passwords that they use daily and give even more protection to the ones they use to access corporate information. If employees are unsure of how to protect them, business owners should provide a primer, such as Creating Strong Passwords, with recommended steps for creating a secure password. Employees should also not use the same password for different accounts, should avoid ones that contain obvious personal information (birthdays, phone numbers, pet’s name, favorite football team, etc.), and should ensure that each password is made up of numbers and letters, with a combination of upper and lower case letters for good measure.
Also, though this may sound obvious, it is important that employees avoid keeping the Wi-Fi code written down anywhere (like on a post-it, for example). Lastly, never reveal your password to anyone who asks for it by phone or email, even if they claim to work in the technical department of your company or for the company that provides the relevant service.
- Your hard drive isn’t foolproof
Saving information related to your business or customers on the computer’s hard drive is, in general, a bad idea and is the #2 cause of data loss, just under accidentally deleting files. Computers are prone to breaking down and are exposed to attacks that could lead to the loss of valuable information. Laptops are also susceptible to theft or loss. It’s better to ask employees to save files on the company’s servers or on a cloud service.
If they simply must save something on the hard drive, it is essential that they make a backup on the company’s servers or on a cloud service every so often to be able to recover the file should anything happen.
- Security copies don’t mean a thing if they’re lost
This may seem like common sense, but I hear it at least 2-3 times a week. If workers are using a laptop and make copies on a USB, it is fundamental that they don’t store them together or carry them around at the same time.
Just think about it: if you lose your backpack or it is stolen, and both the laptop and USB are inside, then you’ve lost both copies. If you do carry them around together, password-protect the USB.
- Storage and sharing of information via the Internet
The best solution when a company does not have an internal server or can’t store internally is to look for a cloud service, be it for storing originals or copies. In general, if the business owner needs help, they can use an article like Understanding Cloud Service to get a better understanding of using the cloud. Cloud service providers are better prepared than a small or medium business to face any type of incident, such as cyberattacks.
Security and confidentiality of data that is stored virtually depends on the password used by the employee, so it’s vital that this isn’t shared with anyone who may have malicious intentions. Also, documents should never be uploaded to personal accounts; the cloud service shouldn’t be accessed from unprotected computers or via insecure connections, etc.
One of the most popular tactics that cybercriminals use to sneak into an organization and steal information is email. If your employees have a corporate account, the first thing that you need to do is make sure that they don’t use it for personal reasons or on public forums or public websites. It’s very easy for the address to end up on a spam list, which could mean receiving emails that are not only annoying, but could end up being dangerous.
In general, and as is continually stressed, the best advice that a business owner can give employees about email is that they never respond to an email that comes from an unknown or suspicious source.
They should also avoid opening or downloading any attachments from these sources as they may contain malware, which can affect not only their computer, but also possibly the company’s entire network.
- Don’t install programs from unknown sources
Only trust in what you already know. It’s normal that companies restrict what employees can and can’t install on their computers through the operating system’s permissions. However, if they are able to run new software on their computers, you must ask them to avoid downloading from suspicious webpages.
In fact, they shouldn’t even browse them. The web browser is also an access point for some criminals.
- Be careful with social media
The most recent, and thus unknown, risk is social media. Most workers get on Facebook or Twitter while at work, in some cases causing damage to the company, never mind the resulting lower productivity.
New tactics (see Using Selfies for Cybercrimes) use selfies taken in critical infrastructures, which are being found in rising numbers on Instagram.
- A good antivirus protection on every computer or mobile device
Before using any computer or mobile device, the first thing you should do is install a good antivirus. If this step is important for home users, its importance for corporate users is enormous.
A security solution that is specially designed for businesses protects computers and company data in a multitude of circumstances, even when employees make an error.
- The easiest way isn’t always the safest
This point isn’t just for the workers, but rather aimed at the employers: if you make things too difficult for them, they will find a way to work around your security measures.
One of the toughest balancing acts for business owners is to find a middle ground between security and complexity; it is necessary for you to listen to your employees and balance security with productivity. Remember, business owners: employees are either your greatest allies or your worst enemies.
Sources: Panda Security