When you think about cybersecurity for your business, you probably envision hooded hackers furiously writing malware and ransomware, plotting to steal your company, customer and financial data.
Would you be surprised to hear that an enormous threat to your company’s security actually comes from within? Sometimes well-meaning employees lay out the welcome mat for cybercriminals simply through a lack of knowledge and a bit of negligence.
Educating and training your employees is a mandatory step toward securing your company from cybercriminals.
12 Tips for Employee Cybersecurity Education
- Talk About Security; create a climate of awareness. It’s not enough to pull out the data security and data backup policies every so often, or have an annual meeting where these topics are brought up. Talk about threats and explain how a cyber incident could impact the company – and their jobs. A network is only as secure as its weakest link. Keep the conversation going in a fluid manner, as threats constantly change and evolve. Solicit their valuable feedback and be responsive. Are there measures in place that are hindering their productivity? What can be changed?
- It’s not just non-tech-savvy employees. IT workers are often targeted because they hold the keys to the kingdom. Just because someone is in the IT department doesn’t mean they’re immune from the rules.
- Vet your employees: Background checks are a necessity for anyone who works with sensitive data.
- Make sure employees understand and abide by policies about what they can and can’t store on their computer hard drive. Installing outside programs without clearance is the fastest way to introduce malware into your network.
- Follow good password protocol. Teach employees to choose easy-to-remember, hard-to-guess passwords. Some experts recommend phrases, such as “I love hot weather.” Don’t reuse passwords. At the very least, separate personal and business accounts and use your toughest passwords for company data.
- Back it up: Whether you have an automatic backup system or employees have a daily task, make sure your workers know their role in backing up data.
- Be suspicious: Strange links, online ads, suspicious sites, odd emails that want info, messages from Nigerian princes – when in doubt, for God’s sake, don’t click! Make sure spam filters are in place — and that employees know how to use them.
- Hackers Don’t Always Use Computers: Make sure employees know about social engineering. An innocuous phone call from someone posing as a vendor, partner or employee could lead a helpful worker to spill the beans on all kinds of company operations.
- REPORT and Speak Up: Any employee who notices something strange happening on his or her computer should feel comfortable enough to speak up! Reporting a breach, incident, or hack attempt can stop things before they do real damage. Cooperation is just as important as compliance! All employees should know how to recognize an attack and exactly what to do IMMEDIATELY. They should know whom to contact (bigger companies may want employees to memorize an IT help phone number). False alarm? Don’t make the employee feel foolish. Praise them for following protocol and treat the experience as a test run.
- Have a step-by-step instruction plan for employees to follow if they feel like they are experiencing a cyber incident, whether it involves email, social networks, web browsing or mobile.
- New Employee Training: Make cybersecurity education part of the training plan for any and every employee as they come aboard.
Cyber-Liability insurance is a must. Nationwide offers a plan (https://www.nationwide.com/cyber-liability.jsp), as do other top agencies.