As the saying goes, sometimes the best offense is a good defense. This is particularly true when it comes to cyber security in the workplace.
Most business owners we talk to think that preventing cyber attacks and thwarting would-be data thieves starts with implementing top-notch security technologies, like DDoS protection services, anti-malware tools, web filtering, intrusion detection systems or firewalls. In truth, however, the best technologies in the world won’t protect your business data if your employees aren’t part of the security solution.
Your employees play a key role in ensuring the security of your computers and networks, and it’s crucial that they understand their roles and responsibilities in protecting sensitive data and your business resources. That means your first step as a business leader is to compile practices and policies that will serve as guidelines for your employees as they go about any task that involves the internet (yes, including checking their email).
There may be instances where you have special circumstances with your network or data, but generally speaking, most businesses will benefit from implementing the following policies:
1) Limit what employees can install and keep on their work machines. When in doubt, have them contact your IT personnel or their NetStandard Clarity team for permission to download a new program.
2) Implement good password practices, including a requirement that employees change their passwords every 45 to 90 days. Require that employees also use complex passwords that include a mix of uppercase and lowercase letters, numbers and symbols. If you don’t want to manage compliance, talk to your NetStandard team about automated controls for password management.
3) Educate your employees on the pervasive problem of suspicious links, and let them know these links aren’t just connected to email. Employees can infect your network by clicking on links in emails and social media posts, online ads, attachments, and infected websites. Tell your employees that if they aren’t sure about the validity of a link, DON’T CLICK. Rather, call the sender first and ask if they meant to send the link.
4) Implement automatic backups for your employee machines and corporate data, but be sure your employees understand your backup solution. Some backup solutions can only recover deleted information for a certain amount of time. It’s important your employees understand that a backup solution is not the same as an archive solution.
5) Provide ongoing education that includes updates on any security threat you may hear about. This will help you protect your employees from nasty infections like CryptoLocker or vulnerabilities like Shellshock. Ask them to be alert to anything unusual happening with their computer as well, and be sure they know who to contact if they have a potential issue—sometimes it helps to provide a direct phone number they can stick on their desk.
Large corporations often hold formal training sessions to educate their employees on cyber security, but for small and mid-sized companies, an informal discussion and a handout for their desktop can often do the trick.