As a business owner or stakeholder, your goal is to build a culture of cyber security. Arming your employees with knowledge about the potential risks of operating a business is one of the most important steps you can take to protect your company. Consider implementing security protocols on your systems, training staff and following best practices for security.
Establish system security protocols
Security protocols may vary from business to business, but protections may include:
- Locking down logins: Using stronger authentication to protect access to accounts and ensure only those with permission can access them. This can also include enforcing strong passwords.
- Backing up data: Putting a system in place – either in the cloud or via separate hard drive storage – that makes electronic copies of key information on a regular basis.
- Maintaining security of devices over time: This includes ensuring software patches and updates are done in a timely fashion.
- Limiting access to the data or the system to only those who require it
Creating a culture of cyber security is an important element of building a cyber secure business. That culture is created by establishing the cyber security practices you expect your employees to follow, then training staff on those practices and reinforcing that training so you have confidence the practices are being followed. Employees should know:
- Why cyber security is important for protecting your customers, their colleagues and the business
- The basic practices that will keep them and the business cyber secure (see cyber hygiene below)
- How to handle and protect personal information of customers and colleagues
- How and when to report cyber incidents
- Any acceptable use policies your business has in place, including what websites they can visit, the use of personal devices in the workplace, special practices for mobile or work at home employees, etc.
Best Practices for Cyber Hygiene
Encouraging your staff to follow these STOP. THINK. CONNECT.™ tips will help you make significant strides in protecting your business:
- Keep a clean machine: Your company should have clear rules for what employees can install and keep on their work computers. Make sure they understand and abide by these rules. Unknown outside programs can open security vulnerabilities in your network. If they are responsible for making sure the devices they use have updated software, train them to implement those updates as quickly as possible.
- Follow good password practices: A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”).
- Don’t reuse passwords: At a minimum, work and personal accounts should have separate passwords.
- Lock down logins: Whenever possible, implement stronger authentication, sometimes referred to as multi-factor authentication or two-step verification.
- When in doubt, throw it out: Employees should know not to open suspicious links in email, tweets, posts, online ads, messages or attachments – even if they know the source. Employees should also be instructed about your company’s spam filters and how to use them to prevent unwanted, harmful email.
- Use WiFi wisely: Accessing unsecured WiFi is very risky. If you have employees who need WiFi access out of the office, use a virtual private network (VPN) or a personal hotspot.
- Back up their work: Whether you set your employees’ computers to back up automatically or ask that they do it themselves, employees should be instructed on their role in protecting their work.
- Stay watchful and speak up: Your employees should be encouraged to keep an eye out and say something if they notice strange happenings on their computer.
- Plug & scan: USBs and other external devices can be infected by viruses and malware. Use your security software to scan them.