You may have a substantial security program in place to keep your business protected from attack by cyberthreats, but your IT staff and even the most sophisticated and comprehensive malware protection can only do so much to keep you safe from the operational and economic damage that can be caused by cybercrime.
What causes the chink in your security armor? Believe it or not, it’s your own employees. It’s been noted that 90 percent of breaches are the result of human error, and most of those begin with a seemingly innocent email.
All it takes is for one employee to unwittingly download an infected file for your entire network to be compromised. And it doesn’t even have to be downloaded directly onto a company device or in your office. That employee might start the destructive chain simply by doing a bit of work on his or her smartphone while waiting for an order at the local coffee shop.
The best defense against any kind of security breach is a good offense. And that begins with educating your employees in the best practices of cybersecurity. In a nutshell, here they are:
Don’t Use Insecure Wi-Fi
With so many employees working at least part time from remote locations or traveling on the road, your staff is highly vulnerable when using free public Wi-Fi networks that are unsecured and easily intercepted. If your company has its own virtual private network (VPN), then it is essential that your staff members use it for internet communications on all their devices. If not, then they should disable Wi-Fi access by default and connect only to reputable Wi-Fi hotspots.
Beware of Email Traps
The hard and fast rule to follow is never to click on links that are sent from unknown sources or that appear in pop-up windows or other unsolicited communications. Phishing by cybercriminals has become more and more common as well as creatively deceptive. Before acting on a download or link received from even a company you do business with, employees should check the originating URL and “reply to” address for irregular spellings or inconsistencies. If there’s any question at all as to the legitimacy of the correspondence, employees should verify it by contacting the source directly and/or by passing the concern on to your IT department.
Guard Company Data
Employees should protect your business data the same way they protect their personal data from hackers, being just as careful with your sensitive information as they are about revealing their own Social Security and credit card account numbers in unsolicited communications. That goes for sales figures, intellectual property, or whatever information shouldn’t be shared outside of the company, and includes written as well as graphic representations and photographs. It may seem too Spy vs. Spy to mention, but even a casual group snapshot, whether taken in a conference room or on a factory floor, could reveal information that competitors or cybercriminals might find useful.
Be Cautious on Social Media
We may seem to be living in what’s evolved into a share-all, tell-all world, but social media is not the place to discuss your company’s business. Millennials and younger employees in particular are used to divulging even the most personal details of their lives across multiple platforms that are accessed and passed along by unknown numbers of equally unknown people. It can be a hard habit to break, but employees need to know the dangers to your business of having even seemingly non-sensitive information spread on social media. Not everyone is a friend.
Follow Company Protocols
Your employees should be made aware of the importance of complying with your company’s rules and procedures regarding backing up files, installing security updates, and not only creating and using unique and complex passwords but changing them routinely. This holds no matter the size of your company. The primary target of cybercriminals may typically be large corporations, but small businesses are attacked as well, often because they’re perceived as having less stringent security in place, making them easier to hack.
Include Personal Devices
If not provided by the company, employees should maintain firewalls and anti-malware software on all of their personal electronic devices, and use the same security precautions at home as they do in the workplace.
Having your employees well-educated and defended doesn’t eliminate all risk, but it does make it less likely that your business will suffer the consequences of cybercrime.