Cyber breaches don’t discriminate. Theft of digital information occurs at companies large and small, from local banks to major defense contractors, and has now surpassed physical theft as the most commonly reported fraud. According to the business magazine Fast Company, federal agents delivered the somber news last year to more than 3,000 U.S. companies that their computer systems had been hacked to the tune of $215 million. President Obama identified cyber attackers during a recent White House summit as a major threat to the U.S. and world economy.
Whether your business has a sophisticated, high-tech Internet presence or merely uses email and maintains a website, cyber security ought to be part of the overall game plan. Every business using the Internet is responsible for creating a culture of security that will enhance business and consumer confidence.
Cyber threats are usually blamed on outsiders: crooked programmers who pilfer corporate intelligence and raid your financial data. But sometimes the threat comes from the inside out, when employees’ ignorance literally opens the door to cybercriminals. This can’t happen, and doesn’t have to.
It’s important to train and educate your employees BEFORE you have a data breach. Waiting to react is a mistake. Create a culture of cyber vigilance and have in place policies that will leave you cyber secure. Here are things your employees need to know to stay on their cyber toes.
Education Is Key
Employees need to know and understand that cyber attacks can – and will – happen. Conduct periodic training sessions on how employees should approach their jobs in a cyber-aware fashion. Get them to understand the importance of this vigilance not only at work but also at home. Ask whether their home systems are backed up and what vulnerable data they have on their computers. Push them to understand how the same principles apply at work.
Lead By Example
Executives are, for the most part, the ones with a bull’s eye on them, partly because what they have on their computers is the most likely target at a company.
Mobility is currently the biggest threat factor causing the security perimeter to widen and threats to become more precarious, Mark Bermingham, director of global B2B product marketing at software security firm Kaspersky Lab, told Security Magazine.
When events do happen, no matter how small, share them. Show employees why they need to be careful. With their unlimited power over the network, IT staffers are also vulnerable.
Access Must Be Limited
Access to the system should be limited in terms of what employees need to know to do their jobs. It cuts down on the risk of breaches. There also must be data separation. For instance, does the marketing department have to have access to the financial department’s data? Here’s why: in the event of an attack or breach, data separation helps ensure that the attacker only gets access to certain information rather than ALL the data the company has.
Learn To Spot – And Report – Suspicious Activity
Cyber security must be encouraged, and one way is to give employees easy ways to report suspicious activity. Maybe it can be a help desk or central number to call or text. Have them pay close attention to social media, blogs, and links from unknowns.
“Some cyber incidents begin with a phone call from someone posing as a co-worker asking seemingly innocuous questions and gathering information about the company,” Kaspersky Lab reports. “A cyber criminal exploiting social weaknesses almost never looks like one.”
Daily Protection Is Needed
Employees must keep machines clean. Having the latest security software, web browser, and operating system is the best defense against viruses, malware, and other online threats. Set antivirus software to run a scan after each update, and install other key software updates as soon as they are available.
Be Careful With Mobile Devices, Too
Mobile devices often hold confidential information or can easily access the corporate network. Users must password protect the devices, encrypt their data, and install security apps to prevent criminals from stealing information, particularly while the phone is on public networks.
Backup, Backup, Backup
This sounds like a no-brainer, but regularly back up the data on ALL computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. It might be a good idea to automatically back up data daily or at least weekly.
Wi-Fi Networks Must Always Be Protected
Make sure your Wi-Fi network is encrypted and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router to make certain that whoever is on the network is supposed to be there.
Passwords & Authentication
Employees have to get used to changing passwords every three months and using unique ones. In fact, consider implementing multifactor authentication, which requires additional information beyond a password to gain entry.
Be Transparent About Any Cyber Incidents
It’s important that employees know what’s going on. According to Kaspersky Lab, improper handling of a cyber incident might increase the impact of the event. Their solution: issue instructions about how to speak to the public and the press, and know what your PR strategy will be before anything even happens.
What are some ways you’ve changed the culture of cyber security among employees at your company?
© 2015 Generational Equity, LLC. All Rights Reserved.