As much as a company wants to protect its confidential information, the reality is that it’s usually the employees who shoulder most of the responsibility. The weakest link in the chain is always the human: people look for shortcuts, are easily tricked, and sometimes don’t take the precautions that they should.
This is why it is important that employees know what to do to keep the company’s data and systems safe. Although some may seem like common sense, it’s fundamental that everyone is made aware of the rules and policies – not all members of your team will have the same experience, so you need to start with the most basic.
10 cybersecurity basics that every business should tell its employees
1. Confirm the identity of everyone who requests information
This is especially useful for receptionists, call-center employees or tech support, human resources, and other professionals whose work requires the handling of personal information. Attackers take advantage of the naivety and good faith of these workers to get information in the simplest and most obvious of ways: asking for it. They do this by pretending to be providers, customers, or other members of the company that have a legitimate reason to require the information.
It’s very important that your team knows these tactics and that they make sure that the person on the other end of the phone or email is who they say they are before any information is shared.
2. Always keep passwords safe
If we take care of the personal passwords that we use daily, then we should take even more care with the ones we use to access corporate information. First of all, follow the recommended steps for creating a secure password: don’t use the same one for different accounts, avoid ones that contain obvious personal information (birthdays, phone numbers, pet’s name, favorite football team, etc.), and ensure that it is made up of numbers and letters, with a combination of upper and lower case letters for good measure.
Also, in a corporate context, it is important that employees avoid keeping the Wi-Fi code written down anywhere (like on a post-it, for example). Finally, and returning to the first point, never reveal your password to anyone that asks for it by phone or email, even if they claim to work in the technical department of your company or the company which provides the relevant service.
3. Your hard drive isn’t foolproof
Saving information related to your business or customers on the computer’s hard drive is, in general, a bad idea. Computers are prone to breaking down and are exposed to attacks that could lead to the loss of valuable information. Laptops are also susceptible to theft or loss. It’s better to ask employees to save files on the company’s servers – if there are any – or on a cloud service.
If they simply must save something on the hard drive, it is essential that they make a backup copy every so often to be able to recover the file should anything happen.
4. Backup copies don’t mean a thing if they’re lost
Again, it may seem like common sense, but it happens more often than you’d think. If workers are using a laptop and make copies on a USB drive, it is fundamental that they don’t store them together or carry them around at the same time. Just think about it: if you lose your backpack or it is stolen, and both the laptop and the USB drive are inside, then you’ve lost both copies.
5. Storage and sharing of information via the Internet
As we said, the best solution when a company can’t store internally is to look for a cloud service, be it for storing originals or copies. In general, cloud service providers are better prepared than a small or medium business to face any type of incident, such as cyberattacks.
However, there are some risks associated with the use of online tools which are similar to the ones mentioned above. The security and confidentiality of data that is stored virtually depends on the password used by the employee, so it’s vital that this isn’t shared with anyone who may have malicious intentions. Also, documents should never be uploaded to personal accounts, the cloud service shouldn’t be accessed from unprotected computers or via insecure connections, etc.
One of the main tools that cybercriminals use to sneak into an organization and steal information is email. If your employees have a corporate account, the first thing that you need to do is make sure that they don’t use it for personal reasons or on public forums or public websites, for example. It’s very easy for the address to end up on a spam list, which could mean receiving emails that are not only annoying, but could end up being dangerous.
In general, the best advice that you can give your employees about emails is that they never respond to an email that comes from an unknown or suspicious source. They should also avoid opening or downloading any attachments from these sources, as they may contain malware which can affect not only their computer, but possibly the company’s entire network.
7. Don’t install programs from unknown sources
Again, they should only trust in what they already know. It’s normal that companies restrict what employees can and can’t install on their computers through the operating system’s permissions. However, if they are able to run new software on their computers, you must ask them to avoid downloading from suspicious webpages. In fact, they shouldn’t even browse them. The web browser is also an access point for some criminals.
8. Be careful with social media
The most recent, and thus unknown, risk is social media. What workers get up to on Facebook or Twitter while at work could be damaging to the company, never mind resulting in lower productivity. Not long ago we warned of the alarming rise in the number of selfies taken in critical infrastructures, which were then found posted on Instagram.
9. A good antivirus
Before using any computer or mobile device, the first thing you should do is install a good antivirus. If this step is important for home users, its importance for corporate users is enormous. A security solution that is especially designed for businesses protects computers and company data in a multitude of circumstances, even when the employees commit an error.
10. The easiest way isn’t always the safest
This point isn’t just for the workers, but rather aimed at the employers: if you make things too difficult for them, they will find a way to work around your security measures. Everything that we’ve explained to you is common sense and very important, but don’t go overboard.
If you ask them to change their password every week, prepare yourself for the inevitable deluge of post-its stuck to monitors. If accessing a tool that they use for their work becomes too complicated for security reasons, they will use a different one (or, worse yet, one they already have for personal use). If they don’t know how to save files the way you’d like, they will find their own way, which might end up being insecure.
So, a middle ground between security and complexity is necessary so that your employees play their part and listen to these tips. They may be your greatest allies or your worst enemies, but only you can choose which.