The Cornerstone to a Great Security Strategy is Security Awareness Training
Cybersecurity. It’s something that every company knows that they need to pay attention to, but also something that a lot of us don’t know how to approach. For a lot of companies, installing anti-virus software and enabling password protection on company devices is about as far as it goes.
Unfortunately, while these measures are useful, they’re never going to offer you complete protection. There’s always a chance that some dozy employee will open the wrong email, download files that might be infected, or even choose a password that a two-year-old could guess.
Which is why every good security strategy should include security awareness training for your staff as well.
What Does Security Awareness Training Cover?
You can learn about protecting yourself in more detail by checking out the EveryCloud infographic below, but let’s go through the main points here.
Proper Protection Against Cyber Threats
Install that anti-virus software on all devices used by your business. You can go one step further and install software that will also scan emails before they hit your servers. That way, there’s less chance of an email with malicious code built into it being accidentally opened.
No matter what protective software you have, it’s only fully effective if it’s kept up to date. Make sure that it checks for updates automatically on a daily basis.
Once you have the software in place, it’s time to reconsider letting your staff use their own devices to access the systems. If they have to, for some reason, it’s important that they have the same level of security that your company’s systems do.
If their personal devices are not properly secured, they should not be used at all.
Password and Two Step Authentication
Staff members should be tutored on the importance of using a strong password. Passwords should:
- Be at least 16 digits long
- Contain a mix of alpha, special, and numeric characters. We also advise using at least one special character such as “@” or “!”.
- Be chosen at random. Don’t use anything that can be remotely traced to you. So, your spouse’s name or child’s name are bad choices, for example.
- Not contain real words, or repeating letters or sequences.
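The rules above can be enforced in code rather than left to memory. The following Python sketch is an added example, not part of the original article: it draws passwords from the operating system's secure random source and rejects any candidate that breaks a rule. It reads "16 digits" as 16 characters; the special-character set, the tiny word list and the three-character threshold for repeats and sequences are assumptions made for illustration.

```python
import secrets
import string

MIN_LENGTH = 16
SPECIALS = "!@#$%^&*-_=+?"  # assumed set; adjust to what your systems accept
ALPHABET = string.ascii_letters + string.digits + SPECIALS
# Constructed stand-in for a real dictionary or breached-password list.
WORDLIST = {"password", "welcome", "summer", "dragon", "monkey", "letmein"}


def has_sequence(pw, run=3):
    """True if `run` consecutive characters repeat or step by one (aaa, abc, 321)."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - run + 1):
        steps = {codes[j + 1] - codes[j] for j in range(i, i + run - 1)}
        if steps in ({0}, {1}, {-1}):
            return True
    return False


def violations(pw):
    """Return the list of rules from the article that pw breaks."""
    found = []
    if len(pw) < MIN_LENGTH:
        found.append("shorter than 16 characters")
    if not any(c.isalpha() for c in pw):
        found.append("no letters")
    if not any(c.isdigit() for c in pw):
        found.append("no digits")
    if not any(c in SPECIALS for c in pw):
        found.append("no special characters")
    if any(word in pw.lower() for word in WORDLIST):
        found.append("contains a dictionary word")
    if has_sequence(pw):
        found.append("repeated or sequential characters")
    return found


def generate(length=MIN_LENGTH):
    """Draw from the OS CSPRNG until a candidate passes every rule."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not violations(pw):
            return pw
```

`violations()` can also back a sign-up form or an internal audit, so staff see exactly which rule a chosen password fails.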
It might also pay your business to consider enabling two-step authentication for anyone signing onto the system. So, for example, perhaps they’d have to enter a password and also a randomly-generated code.
Or perhaps they’ll have to enter a code that is sent to them by SMS when they try to log in.
Two-factor authentication is very useful when it comes to tackling remote attacks.
Data Must Be Encrypted and Backed Up
Always assume that a good hacker will be able to make it past your firewalls and onto your servers. By encrypting the data that resides there, you can limit the potential damage because they won’t be able to access sensitive information even if they do get into the system.
It is also good practice to back up data regularly – that way, if someone manages to destroy your data, you have a backup.
Train Staff to View Online Communications with Suspicion
Human error accounts for a large number of data breaches. Employees must learn to view all online communications with suspicion. They should never just assume that the email they receive is genuine; they should confirm it.
They can start by looking at who the sender is and checking that the email address is the same as the one on record. If they suspect anything, they should be encouraged to actually call the person the message is supposed to be from and confirm the content.
This is something that most employees do when it comes to financial transactions, but it is equally important to be vigilant for less important things, like a client asking for a statement, a copy of an invoice, or a balance, for example.
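The sender check described above can be automated as a first pass before a person picks up the phone. This Python sketch is an added example, not part of the original article: it compares the From address of a message with the address held on record for that display name, and it goes one step beyond the text by also flagging a Reply-To that points elsewhere. The contact record and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed contact record: display name -> address on file.
ON_RECORD = {
    "jane doe": "jane.doe@client.example",
    "accounts payable": "ap@supplier.example",
}

# Constructed sample messages.
GENUINE = (
    "From: Jane Doe <jane.doe@client.example>\n"
    "Subject: Statement request\n\n"
    "Please send our latest statement.\n"
)
LOOKALIKE = (
    "From: Jane Doe <jane.doe@c1ient.example>\n"
    "Reply-To: jd@mailbox.example\n"
    "Subject: Statement request\n\n"
    "Please send our latest statement.\n"
)


def check_sender(raw_message):
    """Return a list of reasons to confirm the message by phone before acting."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    reasons = []
    known = ON_RECORD.get(name.strip().lower())
    if known is None and addr not in ON_RECORD.values():
        reasons.append("sender is not on record")
    elif known is not None and addr != known:
        reasons.append(f"'{name}' is on record as {known}, not {addr}")
    # A reply that would go somewhere other than the sender deserves a second look.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr:
        reasons.append(f"replies go to a different address: {reply_to.lower()}")
    return reasons
```

An empty result only means the headers match the record; a request that seems out of character still warrants the phone call.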
Limit Access by Unauthorized People
Even the best firewall in the world cannot protect you if the hacker gets access to the building and figures out someone’s password. Make it a rule that any third parties must be accompanied at all times.
Hackers Don’t Just Come from Outside
We’ve all seen the movies: a brilliant hacker working away at a bank of computers in some obscure location. But it’s important to remember that the threat can come from much closer to you. It might even be coming from one of your employees.
Perhaps they’ve been persuaded to steal information, perhaps they’re just doing it because they’ve got a grudge against the company. Neither alternative bodes well for the business.
Your only protection against this type of threat is vigilance. You need to have someone keep an eye on what files employees are accessing and whether or not they should be accessing them.
You should also limit the amount of access that each employee has. Not everyone needs access to every area of the system. Limiting access to only those areas that each employee needs to do their job can limit the damage if they are trying to steal information.
Overall, the key is to start educating staff about the importance of online security. Ideally, you want them to become a little paranoid about it. The better you’re prepared, the harder a target you’ll present, and the less damage can be done.