When people hear “cyber crime,” they will often picture a malicious, shadowy figure doing complex hacking to break into a system. The reality is that the danger is much more likely to be from your own staff.
Employee negligence is the biggest risk to cyber security for American companies, with human error being the main cause behind 47 percent of data breaches in a 2018 survey. In order to fight this, managers need to train their staff to identify risks, protect company data, and use different security tools effectively.
Clean Desk Policy
Papers and documents on an employee’s desk present a significant security risk. A clean desk policy dictates how these should be stored and ensures desks are kept clear of sensitive information. Best practices include putting the policy in writing, communicating it often, enforcing it at all levels of the organization, and providing appropriate storage options. You should also encourage a culture of prioritizing digital files over print-outs.
Phishing (getting you to click on a malicious link or file) is one of the simplest and most common ways that hackers try to take advantage of your employees. Luckily, while some phishing emails are exceptionally well-made, the vast majority of them can be spotted from a mile away.
According to CNET, a combination of common sense, grammar and spelling checks, protective browser extensions, and a healthy amount of suspicion toward any email that tells you to “act immediately” will help you identify most scams.
Out-of-date software is vulnerable software. All employees need to know the importance of keeping all software updated, including any necessary patches. However, simply clicking the “Update” button whenever prompted doesn’t quite cut it, because some vulnerabilities are harder to spot and keep track of. A patch-management system is an extremely useful tool for this, and there are several free options available for businesses on a budget.
Smart Password Management
Common password errors made by employees include using weak passwords, using the same password for everything, and writing down passwords in unsafe places (like a post-it on the screen). A password manager can solve all of these problems, giving your employees a central location in which to securely store complex, individual passwords. Wirecutter rates 1Password as the best available, with the free version of LastPass being the top budget choice.
Social Media Awareness
While employees are usually told to positively represent the company online, little is said about the potential of social media to affect security. According to Forbes, social media posts by employees are often used to tailor attacks like phishing emails, so people should be careful about the information they share online. Also, access to company social media accounts should be spread among several people, and passwords should be stored in a password manager.
Using a VPN
According to PC Mag, any company that stores important data in the cloud or that employs remote staff should be looking to protect its connections with a VPN. Essentially, a VPN provides an encrypted, secure connection at a fraction of the price of more complex security systems. Make sure any staff using the VPN connection are fully trained in what it does and how to use it effectively and professionally.
Data Recovery Plan
Your company should have an overall data recovery policy, but it can also be useful to teach your employees how they can quickly react to data loss. Secure Data Recovery has an extensive guide to data recovery and data breach protection for several types of operating systems. Simply identifying which sections are relevant to your company and circulating this information can help protect your company’s data.
Remember that staff training should be ongoing. Most of the above practices will take time to become second nature for employees, so it’s up to you to provide regular reminders and incorporate security into the company culture. It will take a bit of time, but with the right tools and training, you will end up with a business that is significantly better protected against cyber crime.