To comprehensively protect your company from cyber threats, it take a bit more than buying the right software and ensuring your have a partner that can proactively monitor threats. The first and best line of defense will always be your employees.
That’s because attackers know that human behavior will never be completely standardized and that good intentions—even in the most tech savvy employee—can win out over solid judgement. The recent rise in cybersecurity incidents against small businesses are proof that these attackers are getting more creative at hitting companies at their weakest link: their staff.
The good news it that you can control almost every element of the solution to this problem.
WHAT YOU CAN DO
The first challenge in strengthening your data security is making sure that all of your employees—yes, all of them—are aware that they play a major role in your company’s cybersecurity. After all, the first step to solving a problem is to have awareness of the problem.
Training on anything will not effectively stick to the recipient if they don’t understand why it’s important first. Make sure that your training includes the ‘why’s and much as the ‘what’s.
Training never ends. Particularly in the world of security, it should be an on-going focus in your organization.
As we’ve mentioned in various articles around security, the landscape of cybersecurity is always changing. For example, new technologies appear like a new social media platform. Cyber attackers catch onto this new trend and find ways to infiltrate the information that that those platform users have. The mind bendy part for most users is that these attackers are usually after data that has nothing to do with the platform that they’re on. They usually use these personal use platforms as a door through which they can coax out sensitive information about your company. As these new doors surface due to social trends, training needs to surface as well.
Password Best Practices
There are two big parts to password best practices, and each needs the same heavy importance placed on it.
Part 1: Complexity
Everyone knows that simple passwords are unacceptable. You should establish a minimum requirement for passwords that must be upheld through system configurations or oversight reporting. Requirements should include total number of characters as well as character complexity like numbers, symbols, and special characters.
Part 2: Sharing
No password sharing. We tend to trust most of our colleagues, so when logging in and out seems a nuisance, we are often willing to let a peer use a database we’ve already logged into so they can do some simple, quick task. The issue is not that the colleague themself is the security risk, but now you have more than one person who have established that they’re ok with sharing critical information. This can easily happen elsewhere.
Scams like email phishing and social media impersonations are unfortunately easy to fall victim to. Emails or messages that look like they are from a legit source—like your CEO or President, are extremely attractive to engage with since a user want to be compliant. Explain that emails and instant messages can be made to look like what they aren’t. Instill suspicion and give them exact ways to verify their suspicions before they act on anything.
Specify “Odd” Links
Include training on how to identify a bad or suspicious link. Include ways to verify if the link is legitimate, like emailing the source or using Google search to verify that the company or resource really exists before clicking on it.
Beware Lonely Hardware
Remind everyone: Never ever put a thumb drive into their computer unless the source is known and trusted. No matter how curious you are.
HOW TO GET HELP
Creating a comprehensive cybersecurity training plan can be time consuming, especially when you consider all the different ways that a user’s data can be infiltrated. If you’d like to talk through some of the basics that can get you started, just contact us. We’re always ready to help companies be safer tomorrow than they are today.