Are Your Employees Educated About Cyber-Risks?
Are Your Employees Educated About Cyber-Risks?
Nearly 50 percent of surveyed employees never received cyber-security training from their employers, which should be cause for alarm for IT security professionals.
Require Security Training for All Employees
Human error plays one of the biggest roles in security breaches today. Nine in 10 companies now require this training to assess or improve security knowledge among their employees.
But Are They Listening?
Testing and follow-up assessments can improve effectiveness. Wouldn’t you put more effort into absorbing and understanding information if you knew you were going to be tested?
Give a Pop Quiz
Your employees may be unsettled by a surprise test, but they will probably think twice before clicking on a random email again.
Teach Employees to Question Everything
An employee may receive an email from someone claiming to be the CFO, for example, urgently requesting an invoice containing sensitive information. It’s hard for employees to refuse a perceived authority figure, but it is extremely important for them to slow down, read and reread before answering emails.
Never Release Seemingly Confidential Information
Have an open-door policy and encourage employees to ask their supervisor questions. Provide a general list of what is designated as sensitive information. There are always exceptions, so emphasize effective communication when it comes to company data.
Implement Companywide Security Policies
Data breaches have a negative effect on the entire company, not just the IT department, which trickles down to all employees. Financial repercussions, customer loss and damaged reputations can result in layoffs and pay cuts.
Update Companywide Security Policies
Security policies must keep pace with constantly evolving technology. You need them for laptops and company-issued phones, as well as desktop computers and other technologies. There are always new malware and viruses, so ensure cyber-security policies are also up-to-date.
Have Employees Sign a Contract
Hold people accountable. Write that into their contract. You could require cyber-security training as part of your new hire onboarding.
Mandate Proper Disposal of Sensitive Data
Consider implementing a companywide process for data disposal, whether it’s shredding credit card receipts or deleting digital information. Make this consistent throughout the company.
Don’t Forget About Password Hacks
Cross-platform password hacking is occurring more frequently as major communities’ passwords go on sale. So just changing your password is insufficient. Remind your employees not to share passwords, not to make them obvious, and to reset their passwords often.
