Everyone makes mistakes. It’s a part of being human. We miss work deadlines. We throw a red shirt in with the whites. We forget a significant other’s birthday (good luck making up for that one). We “accidentally” bump into a co-worker we haven’t liked since they mocked our love for miniature horses (I know no one fitting this description).
Mistakes happen. We learn from them. We move on. We live to mess up another day. But, sometimes, our mistakes or, most important, our employees’ mistakes can have severe consequences.
Not all mistakes are so easy to recover from, especially when that mistake jeopardizes your sensitive business data. Your employees are going to make mistakes, whether that mistake is using a weak password or opening a phishing email. It’s inevitable. The biggest mistake your company can make is not training employees on data security and effectively helping to curb the number of openings your employees leave for hackers to infiltrate your environment.
Your data security plan might account for exterior threats, but what about inside threats? According to a study by the Ponemon Institute, employee negligence or maliciousness was the source of 80% of respondents’ data security issues. And the number one cause of data breaches was employees losing laptops or mobile devices (35%).
What does this mean for your business? It means that if your company doesn’t have a clearly defined and strongly enforced cybersecurity policy in place, you’re leaving the door wide open for cyber attackers. To help you get started, we’re sharing 5 things you should include in your cybersecurity policy to fend off hackers.
1) Highlight the importance of cybersecurity
First things first, let all employees know why cybersecurity is important and what’s at stake. If customer or employee data is corrupted or lost, the company and all employees are negatively impacted. Explain in detail the potential risks of data loss: downtime, productivity losses, damaged employee morale, increased management scrutiny, and so on.
2) Practice effective password management
We all do it. We reuse passwords. We create passwords based on our birthday, anniversary or another significant date. We even use our pet’s name as a password (wait, Professor Whiskerton isn’t a strong password?).
We use these passwords because it’s easier. We have a million accounts to keep track of and a million passwords to remember. No one wants to remember that many passwords or hit the dreaded “I forgot my password” and go through the painful process of resetting it.
But, what you may not realize is that you’re making hackers’ jobs that much easier by using weak passwords. If you’re using a common password, a password that millions of other people use, it will take hackers no time at all to crack it using an advanced program or password cracking tool.
Keep your data safe and secure by ensuring everyone at your company (you included) creates strong passwords. Include best practices on password security in your employee cybersecurity policy and review these guidelines in a company-wide meeting and on-boarding for all new employees.
Share the features of strong passwords with your employees. For example, they could combine uppercase and lowercase letters with numbers and symbols. Also, warn employees about the danger of using the same or similar passwords for multiple sites. You can even require mandatory password changes as often as monthly.
3) Spot phishing attempts
You’ve probably received an email before claiming that you’ve won a trillion dollars from your long lost uncle, an email that you immediately knew was a scam. But not all phishing emails are so obvious. Some are more convincing.
Phishers are getting smarter and sneakier with the emails they send. They disguise themselves as a trusted source, such as a university, bank or even a government agency. Other phishing emails appear to be from a co-worker or even the CEO of the company the recipient works for. With these emails hiding in plain sight, it’s only a matter of time before one of your employees opens a malicious attachment or clicks on a phishing link (if it hasn’t happened already). In fact, a study of Verizon partners found that one in 10 people open an unknown attachment, an attachment that could be dangerous.
Prevent this nightmare scenario by including tips for spotting phishing emails in your employee cybersecurity policy. Warn employees of any emails asking for personal or banking information. Let employees know that you will never ask for any sensitive information over email.
If the email looks suspicious, they should check with the original sender, visit the company website or search online and see if anyone else has received a similar email. When in doubt, employees should never open any attachments or click on links.
4) Install updates and patches
You can’t ward off cyber attackers if your system isn’t up-to-date. Stress the importance of updating operating systems, antivirus software, web browsers and other programs consistently. Encourage employees to set up alerts for new software updates and patches or even turn on automatic updating. Explain that these updates help keep your network safer and often fix security vulnerabilities.
5) Secure personal devices
In a 2014 study, Tech Pro Research found that nearly three-quarters of respondent companies plan to or already have a bring your own device (BYOD) policy in place. As BYOD policies increase in popularity, more employees will be using personal devices to conduct business, devices with direct access to your company data. If one of these personal devices is misplaced or stolen, company and employee data could be compromised.
Protect your business data by sharing guidelines for working on personal devices in your employee cybersecurity policy. Require employees to use strong passwords on all work-related devices. When stepping away from their desk, even if it’s just for a bathroom break or to grab a cup of coffee, employees should lock their computers.
Also, if a majority of your employees work in a public setting, such as a local cafe or bookstore, consider offering computer locks just in case. All it takes is one minute for a thief to snatch a computer.
It’s true that your employees are your greatest asset. They keep your business running smoothly. They are the cornerstone of innovation. Without them, your success would never be possible. Yet, when it comes to your data security, they can be your weakest link. Educate your employees about security threats and protect your data by covering all of the above in your cybersecurity policy.