The best security technology in the world can't help you unless employees understand their roles and responsibilities in safeguarding sensitive data and protecting company resources. This will involve putting practices and policies in place that promote security and training employees to be able to identify and avoid risks.
Talk to Employees About:
- Keeping a clean machine - Your company should have clear rules for what employees can install and keep on their work computers. Make sure they understand and abide by these rules. Unknown outside programs can open security vulnerabilities in your network.
- Following good password practices - A strong password is at least 12 characters long and includes numbers and/or symbols. Having a separate password for every account helps to thwart cybercriminals. At a minimum, employees should separate work and personal accounts and make sure that critical accounts have the strongest passwords. Writing down passwords and keeping them in a safe place away from the computer is one option, but the best way to keep passwords safe is by using a password generator app or a password protector app (such as Keeper). Enable two-step authentication when possible to ensure accounts are kept safe.
- When in doubt, throw it out - Employees should know not to open suspicious links in emails, tweets, posts, online ads, messages, or attachments – even if they know the source. Employees should also be instructed about your company's spam filters and how to use them to prevent unwanted, harmful email.
- Backing up their work - Whether you set your employees' computers to back up automatically, or ask that they do it themselves, employees should be instructed on their role in protecting their work.
- Staying watchful and speaking up - Your employees should be encouraged to keep an eye out and say something if they notice strange happenings on their computer.
Training Your Employees:
Training employees is a critical element of security. When employees understand the value of protecting customer and colleague information and their role in keeping it safe, they are more inclined to stay alert. They also need a basic education in other cyber risks and how to maintain good online judgement.
Most importantly, they need to know the policies and practices you expect them to follow in the workplace regarding Internet safety.
Effective training is one of the best methods of ensuring online safety and defending against intrusion by cyber criminals because simple human error is one of the most common causes of a security breach.
There are a variety of methods you can use to deliver effective training:
- Classroom-based training can be highly interactive and is a familiar, comfortable environment for many people – especially with the presence of an engaging trainer or coach.
- Presentations are especially well suited to introducing new subject matter, and for organizations with multiple sites.
- Posters provide visible and consistent reinforcement of generic and specific aspects.
- Round-table events / lunch & learns can provide a social, fun element.
Induction training and general security topics to cover:
- Company-specific policies, such as appropriate use policies.
- Routine information, such as how to connect to company servers, change passwords, etc.
- Who to ask when support or advice is required.
- Initial familiarization with the risks, such as malware, hacking, fraud, software piracy, harassment, data protection, protection of information assets.
- Computer and mobile device security: how to carry out updates, switch on a firewall, prevent malware.
- Using a web browser safely, preventing pop-ups, avoiding fraudulent sites, checking that an e-commerce or banking transaction is encrypted.
- Behavioral issues: physical security, hoax emails, phishing, passwords, fraud and identity theft and how to avoid them, what to do if there is a problem or uncertainty about something.
- Business issues: data protection issues, employment law, contract law, protecting sensitive company information and avoiding software or other piracy.
The team at Hilltop Consultants can work with you to determine the best security training for your firm and can help facilitate the training.