Employees are a big weakness in any information security plan. These 6 tips will make your security stronger.
The biggest security hole in any business isn't the network, your computer assets, or the various programs you run.
The biggest security threat to any business is the people who work there.
Because people do stupid things. And when they do stupid things with company information (like leaving a laptop containing customer information in the backseat of a car), your company is at risk of a data breach.
That's why when it comes to cybersecurity, paying attention only to the IT side of things isn't good enough (though that's essential, of course).
You need to train your users.
Here are a few tips to help you get started on training employees on information security.
No one likes to be told “just because.” One of the most under-appreciated tips when it comes to security training is to explain why things need to be done a certain way.
Research backs this up. A university study, Technology Use: Conceptual and Operational Definitions, showed that explaining why during phishing training led to fewer clicks on phishing emails.
Have – and Enforce – an Information Security Policy
Create and follow a security policy. A report from SolarWinds, Cybersecurity: Can Overconfidence Lead to an Extinction Event?, reveals that only 32% of companies enforce and regularly check their security policy. That means 68% of companies are playing fast and loose with their security policy. Is that you?
Regularly train users on security threats and tips to avoid them. As phishing emails continue to improve with more personalization (phishing emails are no longer limited to Nigerians asking you for your bank account details so that they can claim an inheritance), everyone in your office needs to be kept up to speed on these social engineering attacks. They are becoming extremely sophisticated.
Do employees keep passwords on sticky notes attached to their monitors (or in the top right drawer of their desks)? If anyone gains access to your offices, passwords kept in these common places can lead to a data breach. Clean desks and lock down passwords.
Change Default Passwords
As nearly everything connects to the Internet today, make sure you change the default password on any device or software that connects to the network.
Enforce Good Password Etiquette
Make users change their passwords every few months. Ensure that passwords aren't “123456” or the names of pets or spouses, or anniversary dates.
Following these 6 tips will improve your cybersecurity efforts.