As an IT Manager, security is going to be high on the agenda for your organization. Ensuring everything you do is safe from hackers and sensitive information isn’t breached is a constant battle. When there is a breach in security, you need to be able to manage it quickly and reduce the amount of damage caused as a result.
Nothing can be more frustrating than discovering that an employee’s complacency is responsible for a security breach. With ransomware on the rise, it’s more important than ever to educate your employees on how they can remain secure.
Emphasize the importance of their role as an employee
IT professionals will be well aware that human error can be the largest contributor to security breaches in organizations.
This information needs to be passed on to your employees so they understand how their lack of security can affect the whole company.
Additionally, if employees do knowingly breach the company IT or AUP policy could be considered gross misconduct
Outline common bad practices
Further to emphasizing how much of an impact they can have individually, be sure to teach them about bad practices. Opening attachments in malicious emails and reusing work passwords for personal account in multiple places across the web are just two examples that can lead to a severe data breach.
Hold a training session
If you’ve tried emailing your employees but you’re finding that bad practices are still finding their way into every day routines, try holding a training session – or hire a third party company who can come in and do this for you. This can be as long or as short as you feel is necessary to ensure employees take on board what it is you’re saying. You could even work on putting together a guide on how to be safe online, with a particular focus on the cyber security in the workplace.
Make yourself approachable
Some of the data breaches that cause the most damage are the ones you don’t know about.
It may be that an employee has knowingly done something but are too intimidated to approach you and own up to what’s happened. Encourage an open dialogue and emphasize the importance of coming forwards, despite how serious this may impact the business. Ultimately, it’s more important to find out about potential breaches in cyber security than to let them go unnoticed.
As one of the most popular malicious programs used in a hack, ransomware is occurring more regularly within businesses. An example of this is the WannaCry attack that is thought to have infected ‘as many as 40 UK hospitals’ on Friday 12th May.
This has brought internal security to the forefront of the IT security agenda and highlighted the importance to educate employees about what ransomware is and what they should do in the event that their computer is taken over by ransomware.
Another common tactic for gaining sensitive information is phishing. This can often catch employees unaware and so it’s important that you either explain exactly what phishing is and what it looks like or put together a guide that employees can refer to when they’re I doubt – bear in mind that a guide on its own my not be sufficient as there’s no guarantee employees have read it.
When it comes to cyber security, you can’t be too careful. We’ve put together a list of top tips you can include when instructing your employees on how to be secure online:
- Do not write your passwords down, especially in your workspace.
- Never open an attachment form an unrecognized sender, email address or with an unusual filename.
- Be vigilant when following links in emails; hovering over the link with the mouse before clicking will reveal the true URL.
- Be wary of unusual requests or language from a colleague in an email; if there’s any doubt whatsoever, call them to confirm.
- Never respond to spam/malicious email; this will likely result in you and the company being targeted with increased effort.
- Be careful of how much personal information is available about you in the public domain, and be sure to shut down any old social network accounts etc., that you no longer use.
- Do not re-use your passwords, as compromising one account compromises them all.
Bonus tip: Recommend employees check whether their online accounts have been breached with: https://haveibeenpwned.com/
Although these tips will go a long way to ensuring the security of your employees, these best practices alone will not be enough and so it’s important that you always have sufficient security measures in place such as up-to-date anti-virus, fully patched systems, hardware firewall, security restricted end-points, etc.