There are numerous ways owners and managers protect their company from IT security threats.
- use of a commercial grade firewall
- endpoint protection software
- proper patching
- updating software programs
- and—last but not least—strong data backup.
These security solutions are key to securing your network and data, however, one task often ignored is employee education!
As an employer you will want to be certain your employees understand how important securing data and your network is to company productivity.
Once you have established the importance of security, then train employees on the basics.
Here are the “5 key security basics” to train and implement with your staff. All of these will aid in protecting your network and business data.
Establish a strong password for your desktop, laptop, phone, and tablet.
What is a strong password you might ask? In an earlier blog post,
we listed the necessary criteria. The same password should not be used for all devices, apps, websites etc.
You also need to change your password on a regular basis. For our managed clients we often discuss and schedule network password change prompts.
There is not enough space in this post to go over all of the potential dangers that lurk in your email.
Be on alert and follow these guidelines.
If an email asks you to click on a link - look carefully at who the email is from and where the link is taking you. You can hover over the link to see the address of the site that it will be taking you to.
If it does not look familiar, do not click the link.
Always keep this in mind: email is not a secure transmission.
Think about your email content as if someone is looking over your shoulder as you type. Never put sensitive information in an email, such as account numbers, passwords, social security numbers, credit card numbers, etc.
3. Cloud file storage services
Beware of saving company documents to your personal cloud space.
Most "free" cloud file sharing sites do not have the security you need to protect company data.
More and more companies are now using business cloud storage
accounts which encrypt data. These accounts are not free, but are relatively inexpensive and provide a good value.
4. Use of personal phones and tablets
Keep in mind that if you can access your work email or company data from your phone or tablet, you need take the same precautions that you do on your company PC or laptop.
Actually, even more so since these devices travel everywhere you go.
All of us need to follow these suggestions even if you don’t have company data on your devices. We forget how much private data we put on our phones.
Also, access to your Facebook account and other social media can be a security risk if someone steals your phone. Here are some good security measures to exercise on your mobile devices.
1. Make sure you are using strong passwords on all mobile devices.
2. Use strong passwords for all apps (particularly banking apps) – don’t have your device save or remember these passwords
3. Beware of using public Wi-Fi hot spots like the ones you will find at many coffee shops, restaurants, hotels etc. Using a private hot spot or VPN is a much safer choice.
4. Keep your apps up-to-date when a company puts out an update it is improving the security.
5. Enable a specific “lock-out” period where a password is required when the device locks itself after a short amount of time not in use.
5. Social Media
As social media becomes a more prominent tool for marketing and communicating with customers, companies increase the risk of security threats.
A common social media threat is social scams. These scams begin with links that tempt the user to click them (sometimes known as click bait). If clicked, they can then end up downloading harmful codes that have the ability to steal data from the user’s phone or computer.
To protect company information, policies should be put in place that limit the employees who can access the business’ social media account. Additionally, no company info should be stored or shared on a social media account.
Lastly, a few more tips on things not to do:
- Don't install unknown apps
- Don’t click on pop-up windows that state your computer is infected (even if the pop up states it is from Microsoft)
- Don’t download pirated software
- Don't use public Wi-Fi
The above practices will help your staff become more security conscious, and they will help them practice the basics.
However, this blog post is not the “end all, be all” for security training
. The IT security threat landscape is changing all the time, which means your cyber security awareness training program should be ongoing and evolving as well.