Educating Your Employees about Cyber Security Business Practices
Cyber security is a critical aspect of business. While many people think of cyberattacks as some hacker forcing their way through a security wall or exploiting a piece of software, many cyber security breaches occur when employees inadvertently let an attacker in. In many cases, the employee is unaware of their part in the attack. The best way to keep your company's data safe is to teach your staff to avoid potentially risky behaviors and to know what to do in case of an attack.
Why Employees Should Care
In the workplace, management will often establish standard operating procedures that employees do not understand, but it is the responsibility of management to ensure that the rationale behind these procedures is clear. This is especially the case in cyber security as employees are on the front lines to defend the network and need to have a clear understanding about how their actions or inaction can impact security.
Employees should be aware of the following basic facts about cyber security in their workplace:
- Nearly 60% of all small and medium-sized businesses that experience a cyber attack are out of business within 6 months
- It costs an average of over $100,000 to repair the damage done by a cyber attack
- Lawsuits from customers whose data has been breached can cost millions
- Fines from government agencies over the theft of protected data can start at $100,000 per customer and go up from there
In short, even a mild cyberattack that impacts a minority of customers can destroy a business. Given that many of these circumstances occur due to the careless act of an employee, it’s important that the staff knows what to look for and what to do in order to prevent an information security catastrophe.
Create Clear Data and Internet Usage Rules
The first step to ensuring that your company is protected is to make sure that there are clear rules laid down for the usage of internet-connected devices.
Some examples of the policies might include:
- Email - Only company email can be used at work. Personal email, including transmission of company data or checking email from company computers, is restricted and must go through company email filters.
- Cell phones - Phones that are connected to the company WiFi must have anti-virus software and email rules apply as well.
- Portable storage devices - Flash drives and discs are prohibited.
One of the most important things is to make sure that the rules aren’t too complex. (For example, you may choose to allow the checking of personal email as long as it goes through the company's email security software.)
To make sure that there’s more buy-in from employees, you should ask the employees what they would like to see and what they need access to. (For example, you might hear that your staff uses YouTube to learn how to do things in Excel.)
Consistent Training is Key
Cybersecurity is a marathon, not a sprint. Training and information should be shared on a consistent basis. Monthly emails or videos are a great way to keep the training going. Occasional training, including informal trainings before shifts, can keep the awareness up without requiring you to subject your employees to long, tedious seminars about cyber security.
Additionally, keeping a line of communication open is important. Having a phone number that people can call with questions or if there’s an incident can reduce problems and improve response time.
Cyber Security is Everybody’s Responsibility
Making sure that everyone who has access to the company network is in on the cyber security training will help to ensure that each employee recognizes their responsibility. Everyone in the company is vulnerable, but everyone is also capable of improving cyber security as well, simply by being trained and vigilant.
System-Wide Monitoring
System and company-wide monitoring are at the heart of ongoing cyber security. Seeing what’s going on and what’s being done is the best way to help modify employee behavior. Some examples of areas that can be monitored and controlled are:
Track emails and messages sent. Email and messages are the fastest way for malicious software or phishing attempts to infiltrate your company’s network. An employee monitoring system can track to whom the messages are going and who is sending them. This monitoring system also tracks websites visited to ensure that no one is visiting sites that are known sources of malicious software. Learn more about BrickHouse Security cyber security.
Next-generation antivirus protection. The next generation of antivirus software actively monitors your computers and servers and responds to threats. Where the old systems needed updated definitions to know what to look for, these next-gen programs look at a program's behavior for clues that show if it’s malicious. They also use public information to know when a new attack has begun somewhere in the world and proactively safeguard against it.
Video monitoring. Strategically-placed video cameras can alert you to all types of nefarious activity, from an employee using a flash drive to unauthorized personnel entering your server room. At BrickHouse Security, we’ve found that this is one of the most powerful deterrents against intentionally malicious activity. Learn more about video solutions for your corporate security.
Develop a Response Plan
One of the most effective ways to get ahead of a cyber attack is to have a response plan, in the same way that you do with fire and injuries. There can be many elements to this plan, but the basics include:
- Assigning a response team
- Developing a company-wide signal that tells people to turn off their computers
- Implementing backups of the server and data
- Creating a plan for an attack and response review team to learn from the problem
Planning, Training, and Buy-In
While your employees are the weakest links in your cybersecurity chain, they are also your strongest assets. Converting a weakness to an asset requires planning, training, and most of all, a commitment from the staff to successfully enacting the policies that will protect the company and their jobs.
If you are hoping to implement a cyber security plan for your business and need assistance, the BrickHouse Security experts are always here to help. We invite you to contact us today to learn more!