Your employees are the heart of your business. They work hard and keep everything moving forward. The problem is, that employees are also your biggest risk when it comes to data security and cyber safety.
Even with a strong cybersecurity posture in place, many businesses fail to recognize the cyber threat from within. For the most part, employees are not purposefully sabotaging their employer. Instead, lax protocols and insufficient training make workers the ideal target of cybercriminals. Just a click on a phishing email or an infected attachment by an unassuming or careless employee – and voila – your business’s data and entire network might find itself under siege. And that is a frightening scenario.
Experts estimate that approximately 25% of employees are unable to identify the tell-tale characteristics of a phishing email. This, combined with advances in artificial intelligence that allow hackers to appear more legit than ever, poses massive challenges to your business’s safety and security.
Your employees must understand some of the cyber dangers that lie in wait:
Third-Party Apps
Third-party applications are a common entry point for malware. A good example of this is the SolarWinds cyberattack a few years ago that spread like wildfire and affected more than 18,000 of its customers. Other big-name brands like Target and Volkswagen have had their data compromised by third-party hacks, usually due to inadequate security measures. App stores may also lack basic privacy protections, which may result in data being shared or stolen.
Be sure to properly vet all third-party apps before they are loaded to your systems and continue to install all suggested updates.
The Challenges of WFH
While the Work-from-home employment model can provide a business and its employees numerous benefits, it also increases cyber risks.
Some remote employees choose to work from libraries or coffee shops and thus connect to the internet via a public Wi-Fi network. This can pose a danger to your systems due to the network being unsecured and accessible to strangers.
If your employees are working remotely, make sure your security policies match the risk they pose. This might include specifying firewall protection, limiting locations, and other necessary measures.
Strong Password Policy
It might be surprising, but the number one defense against hacks and malware is the implementation of a strong password policy. Require that your employees use unique passwords and that they change them regularly. Forbid any sharing of passwords (except perhaps with your IT department) and consider third-party authentication applications.
Just Say No to Social Media at Work
It might seem like a no-brainer, but you would likely be shocked by how many employees access their social media accounts on company computers. And make no mistake, this should be a big no-no. Besides the fact that hopping on their social accounts likely serves no legitimate business purpose, social media sites like Facebook can be rife with data miners actively seeking to prey upon unsuspecting users. While most of these bad actors are targeting personal data, they may also seek work-related information.
Forbid your employees from accessing social media at work and educate them on potential red flags, like seemingly innocent posts that ask them their grandmother’s first name or the street that they grew up on.
Security Awareness Training Is a Must
Even with all the information and cautionary news stories, many employees are unaware of the cyber risks they pose to your business.
Consider Security Awareness Training (SAT) as a key component of your cybersecurity strategy. SAT generally includes courses on phishing awareness, password protection, best practices, and other key cybersecurity topics. There are several capable and cost-effective SAT providers to choose from.
Remember, small businesses are a hacker’s favorite target. So, regardless of your company size, ensure your employees understand the multitude of cyber risks and how their actions can help or hinder the security of your company and its data.
We would love to hear your comments. Please contact us today!
Gary Brunson
gary@myclearfocus.com
Debra Rider
debra@myclearfocus.com
574.361.2674
Sustainable Growth & Profit Consultant, Coach, Mentor, and Counselor/Therapist for Business Owners and Professionals.