Not surprisingly, if people don’t employ secure data practices at work, then a company could have 10,000 firewalls and it will not matter. According to IBM, 95% of cybersecurity incidents involve some form of human error. That means an employee’s weak password or web surfing habits can contribute to a breach. It’s crucial to bring your employees up to speed on cybersecurity. It’s not enough to simply hand over your IT rules and regulations. Instead, you need to educate, regulate, and plan.
Picture this: you hire a new employee and give them a brand spanking new computer. First thing they do? Upload calendars, photos, docs, and random files from their unprotected personal computer to their new work laptop. With just that simple act, they have now compromised your network with any viruses those files might contain.
Does this scenario make you cringe? It should. As a business owner, you already have plenty to worry about when it comes to keeping your company running smoothly. And although you may take extensive measures to protect your company from an outside cyber attack, you probably aren’t doing enough to protect your company internally.
Best Company Practices for Cybersecure Employees
1) Educate: Teach employees what to look for
Education is the foundation of a great cybersecurity plan. If employees don’t understand the risks that come with poor cybersecurity, why would they spend time or energy ensuring their property is secure?
Although phishing schemes or phone scams may seem obvious to some employees, those less familiar with cybersecurity will not know what to look for. Describe potential cybercrime scenarios to your employees, including phishing emails, phone scams, and malware. Also teach your employees how to create a strong password and how to enable two-factor authentication on their devices and email accounts.
It’s important to note that educating employees isn’t a one-and-done deal. Instead, educate frequently. Many companies have periodic training for all employees to review current cybersecurity protocols and keep everyone up to date with the latest security measures.
2) Regulate: Define clear cybersecurity rules
Once you’ve explained why cybersecurity compliance is a must, you need to clearly define rules for your employees.
Although your IT team knows not to click on a suspicious link in a pop-up ad, an employee on your customer service team may not. Be sure to set specific guidelines for what employees may or may not do on a company computer (or on the network). Be clear on what programs and applications can be installed, what spam filters need to be added, how frequently anti-malware programs should be updated, and what sites can be visited while on the company network.
Also set parameters around using company devices on unencrypted Wi-Fi networks (e.g., using a work computer at a Starbucks) and around bring-your-own-device policies. If your employees bring their own devices to use on your network, you want to be sure those devices are virus-free and properly secured.
3) Plan: Be prepared for a cyber attack
In today’s world, breaches are inevitable. It’s essential to ensure your employees know what to do when a breach does occur. Your team should know the data incident reporting procedure, which is enacted when a computer is infected with a virus or when some other form of breach occurs.
Everyone should be trained to recognize the warning signs of an incident, such as a slow computer, a warning message, or a rearranged desktop. Make sure your IT team is easily accessible to every member of your company, from entry-level employees to management. Also, encourage employees to speak up sooner rather than later. By taking a proactive role in your company’s cybersecurity, your employees can prevent extensive damage.
Cybercrime isn’t going away, and the costs are rising for organizations. In October, the Ponemon Institute released its sixth annual breach study, which pegged the average annual cost of cybercrime per large U.S. company at $15.4 million. That’s up 19% from $12.7 million a year ago.
With hackers getting more sophisticated, it’s crucial to keep your company up to speed and ready for a breach. Although you can’t eradicate the chance of a crime, you can greatly decrease the effects if you have a comprehensive, frequent cybersecurity training program in place.