There are any number of ways that businesses can prevent hack attacks, ranging from the basics – better firewalls and stronger anti-virus programs – to more sophisticated security offerings that offer larger threat clouds, faster malware catch rates, and zero day threat analyses. But one of the most fundamental approaches is also one of the easiest to implement:
Research shows that almost a quarter of companies that were victimized by a data breach blamed employee error for the incident. A 2015 report from Verizon found that one in four employees will open a phishing email – a prime way hackers can compromise your system – and 11 percent click on the attachments. Yet in a survey of corporate counsels, just 45 percent said their companies have mandatory training for employees on how to prevent data breaches.
Given all that, it’s no wonder that in 2015, the number of spear-phishing attacks targeting employees rose 55 percent.
None of this is to suggest any malicious intent by anyone in your office. It is, however, to say that making employees more aware of the potential risks to business data security – and then educating them on ways to mitigate those risks – can play a key role in protecting vital information.
Here are 10 steps you can take to help employees become part of the security solution, rather than an unwitting part of the problem:
- Use strong passwords. We have written before about how to create passwords that thwart cyber-criminals. But as a rule, use passwords of at least 12 characters; don't use personal information (birthdays, pet or spouse’s names, etc.); use phrases made up of 12 or so random words; and come up with easy-to-remember sentences, then change them by, for example, taking out all the vowels.
- Beware of suspicious emails. Educate employees on how to identify links in emails that might be phishing expeditions. These include, but aren’t limited to, malicious web addresses, online ads, and attachments.
- Avoid suspicious websites. Some sites have been developed specifically for the purpose of spreading malware. Landing on them, and providing seemingly innocent information is an open door to cyber crime.
- Know the signs of a potential cyber-attack. Emails or subject lines with bad grammar, misspellings, or poor graphic image quality can signal an attempt to breach your systems.
- Have a reporting plan. Companies should have a process in place that enables employees to quickly report suspected viruses and their symptoms (such as computer slowdowns and unexpected, unexplained configuration changes).
- Authorized software only. Explain to employees that only software authorized and/or licensed by the enterprise can be downloaded. Random downloading of unapproved software puts your data security at risk.
- Basic security education. It may seem obvious, but helping employees to understand Security 101 – what a phishing attack looks like, what social engineering is, how to identify web-based risks – can go a long way toward protecting your data.
- Physical security. Have a plan in place for protecting mobile devices (such as always keeping a cell phone with the employee, and never leaving it unattended or in a car), and for locating computers in a secure, visible location.
- Network awareness. Some wireless connections are more secure than others. Bluetooth, for example, is pretty easy to crack, and public wi-fi networks can be fronts for cyber-crooks looking for ways to steal user’s online information. Employees should be made aware of the good and the bad; what to avoid; and preferred networks for data security.
- Stay updated. Keep employees informed of security updates and patches, and provide specific instructions as to how – and where – they can be safely downloaded.
Admittedly, employees cannot be – and cannot be expected to be – your entire data protection strategy. But with a little education, accompanied by clearly stated policies and procedures, they can be an effective first line of defense in the ongoing battle against hackers. Because the more knowledge you give them, the more power they’ll have over cyber-crime.
ABOUT THE AUTHOR
Mark Elliott is a Best-Selling Author and CEO. His company, 3i International, helps you apply technology to improve performance and compliance. For over 25 years, Mark has been helping startups to Fortune 500 companies overcome the technology challenges they face. He develops strategies to analyze, manage, and adapt to the ever-changing technology landscape. A central focus has been security and compliance. His experience includes preventing, detecting, and responding to hackers and threats. This keeps your organization safe from invasions while simultaneously meeting regulatory compliance.