Employees are a company’s greatest asset, but also its greatest security risk. If we look at security breaches over the last several years, it’s clear that people, whether it’s through accidental or intentional introduction of malware, represent the single most important point of failure in terms of security vulnerabilities. In the past, companies could train employees once a year on best practices for security. Most organizations roll out an annual training and think it’s one and done, but in this day and age, it’s not enough.
Instead, organizations must take time to update their teams on security measures and protocols on a regular basis. Similar to updating hardware or operating systems, you need to consistently update employees with the latest security vulnerabilities and train them on how to recognize and avoid them. Your people are your assets, and you need to invest in them continually, just as you would with your software. If your team members aren’t in sync with the latest security trends, you’re always going to have vulnerabilities. It’s worth taking time to establish proper security measures and training for businesses of every size, even if you’re a small business with only a few employees, a data breach can happen to anyone at any time if don’t have defenses in place.
Here are some tips to help your employees understand cyber risk and get them engaged with best practices.
Consider security training and performing phishing exercises
The most effective training tactics today are performed monthly if not more often. Many companies perform regular phishing tests, in which the IT team sends out a fake phishing email to all employees across the organization, and gauge how many people click on it. The IT team can then break that data down by departments and types of messages to tailor training to problem areas. It also allows the company to track its progression in combatting these types of emails to see if they are improving or if additional training may be required.
Live cyber awareness starting with the new employee onboarding process
As soon as a new employee walks through the door, it’s crucial to inform the new hire of your company’s security protocols on day one. Having security training available and incorporating it in the onboarding process is key to creating the mindset that security is an important part of your business and should always be taken seriously. It also helps set the standard that security training will be an ongoing process and to expect additional courses in the future. Setting good habits in the beginning is always easier than trying to establish them later down the road when bad habits have already set in.
Utilize password protocols, a password management solution, and two-factor authorization tools
Protecting company data doesn’t always require in-depth training. Simpler methods such as having strong password policies and two-factor authorization are equally important. Implement strong password policies that will require employees to use numbers or symbols and discourage the use of everyday words that are easily guessed. Passwords should also be reset after a set period of time, like every 90 days, so that they don’t become stale and overused. Ensure that your employees are not writing passwords down. Consider providing them with a password management tool, that allows them to store passwords in a safe and encrypted manner. Two-factor authorization is also helpful for keeping private accounts and data safe because it adds an extra layer of security by requiring a numerical code sent either by text, phone call or email in addition to entering the correct password. Many companies require this method when accessing their company resources remotely via VPN in order to ensure data doesn’t fall into the wrong hands and that only employees can gain access.
Cybersecurity needs to happen at all levels
Cybersecurity is an attitude that needs to be prevalent throughout. Top-level leaders need to not only support cybersecurity initiatives, but they need to take part and lead by example.
If you are interested in learning how your company’s cybersecurity stacks up, take BerganKDV’s free mini-security assessment here. This will provide you with a baseline look at potential threats and opportunities in your technology and organizational infrastructure. If you have additional questions about tactics you can take to protect your organization, we encourage you to reach out to one of BerganKDV’s cybersecurity experts.