When it comes to your business’s security, employees can be your weakest point.
Employees make a soft target for cyber criminals to take advantage of. Phishing emails and other types of attacks may target workers deliberately, in an attempt to make them give up login credentials or unwittingly reveal sensitive information.
For that reason it is important to take the necessary steps and precautions to educate workers and develop workplace policies. Systems that workers use should be hardened and protected, to avoid security breaches and catastrophes. You’ll also want to take steps so that former employees don’t pose a security risk.
Here are some steps small business owners can take to protect the business.
Establish Policies and Train Employees
Take the time to educate employees so they are aware of the risks and what to do. Simply by talking about the importance of data security and safe browsing, employees are more likely to make it a priority.
Develop policies for worker cyber security. Spend some time going over common security issues and how to avoid them, including the following:
Learn to identify and avoid being tricked into clicking on and opening phishing emails. Often there’s something “off” about a phishing email, or if scrutinized the links can identify they are from an unofficial sources.
Don’t click links in emails unless the employee is sure where the email came from or is expecting the communication.
Never give out passwords in emails ever.
Scrutinize any communication that asks you to log in and provide sensitive information in any account. These can lead to fake sites designed to harvest sensitive information.
Use strong passwords with combinations of lowercase and uppercase letters, numbers and characters. Do not use passwords that are easily guessable. The harder it is for cyber criminals to use a dictionary attack or other means to figure out passwords, the more likely they will move on to some other softer target.
Use browser settings that block or show a warning before visiting sites with malware. For example, Chrome has an advanced setting to “Protect you and your devices from dangerous sites.”
Don’t download software from unofficial sources. Malware can take a ride alongside it.
When using devices for business purposes while traveling, avoid free unsecured WiFi. Consider setting up a VPN for workers to connect to company systems, and instruct them how to use it.
Protect Systems Employees are Using
If systems that employees use are insecure, then by definition your business is less secure. It is therefore crucial that systems be hardened and protected. The following are some basic steps to take as it relates to systems that employees use:
Disable Access When Employees Leave
When employees leave, companies may overlook disabling access to systems and data. Here are some steps you should take following an employee’s departure or when you stop the services of a contractor who had access to your systems:
Remember, even by taking the above precautions, not all security issues can be predicted. But basic steps like these will make your business more secure.