For a lot of business owners, cyber security threats are a huge concern, especially threats that can only be combated with advanced technology. But what most employers don’t realise is that employees are usually the greatest source of vulnerability in their business.
Employees: gate-keepers…or weak links?
Did you know that leaving a laptop or mobile device unattended can be a huge liability?In fact, more often than not, it’s staff that tend to forget this fact and sometimes little is done to prevent devices from being left in public places. For hackers, an unattended device is an invitation to ‘break in’- leaving a company’s network and data exposed…and at risk. Matters can get even worse when sensitive information is stored on the local drive of the device, or if the password used is too easy to guess
Q: What’s the first step to becoming secure-savvy? A: Be 100%positive that your IT security policy is across-the-board, covering all possible sources of attack, including the latest threats and with a clear recovery plan.
Nevertheless, having a policy in place doesn’t mean your work is done – you have to be sure that your employees are following the ‘rules’. This can be achieved by increasing awareness of the risks and consequences, with a particular focus on any new hires.
Five tips to educate employees on cyber security
Tip #1: Internal communication is key in when trying to prevent cyber attacks
Bad habits have bad consequences, and your employees need to know this.Fines and losing customer trust might only be the tip of the iceberg.
Use a “worst case scenario” to illustrate your point: An employee is working out of a coffee shop, using the free Wi-Fi and accessing work documents. The laptop is then forgotten, but it’s not password protected and all emails / documents are free to access, by anyone.This is the perfect example of how your business can be put at risk.
Reminder:don’t forget to mention social media.There’s always danger of revealing too much personal information (family member names, birthdays, etc.) all of which are often used in passwords – something that most hackers are very much aware of.
Tip #2: Cyber security is everyone’s issue, not just yours
You MUST include IT training in all workshops attended by employees.In fact, you should probably focus more on the senior staff, as they have more access to sensitive information making them a prime target for any seasoned cybercriminal.
There should also be a certain amount of coaching for the IT staff too, as they have direct access to your business’ network, meaning they are just as prone to hacking.
Tip #3: Cyber security sessions need to become a regular thing
Education has to happen before a cyber incident, not after. Why not approach the subject of cyber security by putting a monthly lunch ‘n’ learn in the diary? In addition to that you could create on online forum on your intranet where employees can have a platform to share articles and news on the latest cyber-crimes or mega corporate breaches.
Anything you do should be both relevant and engaging –in this era most people are constantly connected and could benefit from useful knowledge of how to be secure online, even on a personal level.
You could even test your employees’ cybersecurity knowledge by sending out an online survey – this is a quick, cheap and efficient way to see if all your training is having an effect.
Tip #4: Focus on the bigger threats: email, social networks and mobile devices
Attachments can be the enemy and your staff need to be painfully aware of this. By encouraging a culture of “safe browsing” and advising your employees to be sceptical oflinks from unknown sources, you might be one step closer to keeping company data safe. Oh, and don’t forget social media links either!
When it comes to passwords don’t enforce a rule that employees must change their passwords on a regular basis as they’ll probably resort to writing them down and taping them to their monitors / workstations.
Tip #5: “RR” stands for Recognise and Respond – your staff need to know this
Cyber attacks often come in the form of a “work-related phone call”, often disguised as a supplier or sales call, where account details or passwords are trying to be obtained. Overlooking the implications of such calls is an open invitation to cyber-crime.
In the case where an attack does occur, give everyone enough warning so as to limit the impact of the attack. Having a strong contingency plan and PR strategy in place means that your team will be fully equipped to handle the most challenging of questions and reassure any concerned customers / complaints.
No business can be totally immune to cyber attacks, but it’s down to you, the business owner, to take measures and educate your employees. This will significantly reduce the probability of one happening to your business, and if it does, you’ll be a pro at damage control and taking care of the situation.
Top Tip: Be proactive in your approach, and aim to educate your workforce on the latest cyber security threats and how to combat them before your business is compromised.