Are Your Employees Educated About Cyber-Risks?
Nearly 50 percent of surveyed employees never received cyber-security training from their employers, which should be cause for alarm for IT security professionals.
Human error plays one of the biggest roles in security breaches today. Nine in 10 companies now require this training to assess or improve security knowledge among their employees.
Testing and follow-up assessments can improve effectiveness. Wouldn’t you put more effort into absorbing and understanding information if you knew you were going to be tested?
Your employees may be unsettled by a surprise test, but they will probably think twice before clicking on a random email again.
An employee may receive an email from someone claiming to be the CFO, for example, urgently requesting an invoice containing sensitive information. It’s hard for employees to refuse a perceived authority figure, but it is extremely important for them to slow down, read and reread before answering emails.
Have an open-door policy and encourage employees to ask their supervisor questions. Provide a general list of what is designated as sensitive information. There are always exceptions, so emphasize effective communication when it comes to company data.
Data breaches have a negative effect on the entire company, not just the IT department, and that effect trickles down to all employees. Financial repercussions, customer loss and damaged reputations can result in layoffs and pay cuts.
Security policies must keep pace with constantly evolving technology. You need them for laptops and company-issued phones, as well as desktop computers and other technologies. New malware and viruses are always emerging, so ensure cyber-security policies are also up to date.
Hold people accountable. Write that into their contract. You could require cyber-security training as part of your new-hire onboarding.
Consider implementing a companywide process for data disposal, whether it’s shredding credit card receipts or deleting digital information. Make this consistent throughout the company.
Cross-platform password hacking is occurring more frequently as major communities’ passwords go on sale, so just changing your password is insufficient. Remind your employees not to share passwords, not to make them obvious, and to reset their passwords often.