How Employees Can Be Your Greatest Cybersecurity Asset
Employees can make or break your business's security, but a little training can go a long way
Nearly half of all businesses have experienced or will experience a cyber threat this year, and that number is growing. Every year we read about more cyberattacks and serious data breaches affecting entities of all sizes, from local government offices and small-to-medium-sized businesses to sprawling behemoths such as Facebook.
Keeping ahead of the threat seems like a full-time task. That can seem incredibly daunting.
The good news is that among your greatest assets in cybersecurity are your own employees. It’s up to you to take advantage of that in order to keep your business or organization running smoothly and with little downtime or fear of compromised systems.
Best password practices
Make sure your employees know how to apply best password practices. This can cover several strategies such as:
- Strong password creation
- Two-step authentication
- Regular changing of passwords
- Protecting passwords
All of the above points are fairly simple. Cybersecurity experts recommend that a strong password include a mix of numbers and upper and lowercase letters. Special characters could be an option as well. Passwords should not be easily guessed dates such as birthdays or anniversaries, nor should they be any word one could find in a dictionary (English or otherwise).
Changing a password regularly can keep a possibly compromised password from being exploited by outside hackers or former employees who are careless with their login information or have malicious intent. Passwords should never be shared and writing them down—even in a “safe space”—should be discouraged.
Two-step authentication goes a long way in preventing unauthorized access to business networks or employee e-mails. Many applications offer two-step authentication options, which require two steps when entering login information.
Practice safe computing
Solid passwords are all well and good but do little good if your employees are careless in their e-mail and internet use. Fortunately, educating employees on safe computing is pretty straightforward.
Make sure that employees know how to recognize suspicious e-mails, attachments, and links. Nearly half of all cyberattacks businesses experience come in the form of phishing attacks, in which an e-mail pretends to represent a trusted entity and attempts to convince the recipient to download an attachment or click on a link. In most cases, this leads to malware being installed on the computer or mobile device, from which it could then spread to the network.
Malware could open your security wide to further infiltration, copy keystrokes and capture sensitive business data, or even overload your servers to the point of inoperability.
While no method can be considered 100% foolproof, employees can help protect your networks by following simple tips:
- Never share login or password information via e-mail or text message
- Hover the mouse over a link without clicking to see where that link actually leads. In a phishing e-mail, it won’t be where they think
- Never download an attachment without being absolutely certain it is from a trusted source
- Update spam filters
- Update virus and malware detection software regularly
- When in doubt, just don’t. Most well-known entities such as banks, corporations, or governmental websites can be accessed through their websites without having to go through an e-mailed link
Follow the latest cyber threat news
There is no shortage of news coverage—both from conventional news sources and industry sources—regarding data breaches, malware warnings, and ever-evolving phishing scams. Employees can protect themselves and your business by staying abreast of the latest news regarding potential threats.
Some news services offer keyword alert services so employees don’t need to start their day scanning the news for the latest cyber threats. Important information can be automatically e-mailed to them when new information appears.
Stay on top of latest system and software updates
System and software developers are constantly working to improve security. It’s in their best interests to maintain your faith in their product and to show that they take your security as seriously as you do. With that in mind, they often send out updates for either your system software or for specific applications that may have security holes that need to be closed.
These apply to desktop workstations and mobile devices alike. Staying current on updates means your systems are protected before trouble can occur.
Knowing what to do should a cyberattack occur
Finally, should the worst happen and business data is compromised, networks infiltrated, or malware installed... do your employees know what to do? Making sure your employees know how to respond to a successful cyberattack means you can cut down on downtime and threats to sensitive data.
While it’s not necessarily expected that every employee is a cybersecurity expert, they should at least know how to contact one—either in-house or remote—in order to get on top of the problem quickly, remove malicious software, and safely restore data.
Employees are your most valuable line of defense
There is a lot to be said for employing managed service providers, consultants, and cybersecurity experts, as well as employing the very latest in network security devices and software. Your first line of defense, however, is going to be your staff.
Train them up. Get them informed. Show them how to stay informed. All of these will lead to a more robust wall of security around your networks so you can focus on allowing your business to flourish.