How to Ensure Your Employees Are Security Conscious
It’s one thing to rely on computer software to block everything that is coming in. Weather it’s windows firewall, Norton or AVG, we all need to be protected from online threats which attack us from all sources. Despite how good our security can be there is one defining factor which can override how useful security software is… US!!! Computers will follow a path that we create (coding) and unless the coding is wrong it will work and do its job the way we have made it, even if it fails it will generally be down to a human error. People, however, can cause major issues to security whether staying logged in on important documents (visibly showing to other employees) or not ensuring security is up to date, quite often that we are the weak link.
How to become a stronger link
Unfortunately, humans will always be susceptible to errors, it is in fact human nature. The best that an employer could hope for is to minimise the chances of this happening, which can often come in the form of training every few months. Another way, something akin to a set of guidelines, is a best practice document to ensure constant vigilance of your workforce over their day to day security measures when operating company computers. This is something that can be kept with all employers and employees at all times. There is definitely a level trust that employers have with their employees and one aspect of this is trusting that they do everything in their power to all company property safe and secure, as an employer you want to do everything you can to ensure they can do this, the following is a simple set of guidelines that you can use as is or tailor it to suit your company’s needs:
- Anti-virus updates – it’s one thing to always have it, it’s another to keep it up to date. It is good practice to periodically check yourself that everything is good. Sometimes auto updates may have accidentally been turned off and you do not want to be left exposed with out of date software.
- Device firewall – no matter what operating system you are using ALWAYS ensure there is a firewall and always CHECK at the start of each day it’s turned on. There are many software downloads that can often require you to turn the firewall off so double checking every morning it’s turned on is a good idea, it’s quite surprising how many people will forget to turn it back leaving a good hole in your online armour.
- Up-to-date OS – this is generally done automatically but a lot of people do like to do it themselves, picking and choosing what to up to date based on what they like or don’t like. Always make sure your OS is up to date, one of the key parts of any OS update is security. Updates will constantly re-encrypt security and to keep it better protected and this is something you will definitely want.
- Be mindful of pop ups – generally pop ups may happen when you visit a site and will show a video or some advertising. Quite often, however, they will come up saying you a virus has infected your computer. Pop-ups don’t do this, keep up to date about what’s what so that you can aware of what to avoid
- Passwords – use passwords on everything you do, as well as this, use a strong and unique password. If an attacker beats one password it will be just as hard to breach the others when their all different. If their all the same then everything can be accessed.
- Social media – a very handy tool for any business, yet, be mindful on how you use. Accidentally share the wrong information and it can easily lead to a security breach in the company. Always double check the post you are putting up to ensure non-sensitive information is going up. There are also companies out there who will screen sites and can get personal details about your company from social sites and public record sites and in turn can send out malicious malware to your devices. Be careful, not just about what you post up but also about where you post, the more sites you post up on the higher chance there is of your personal info being screened.
- Knowledge – one of the most important tools to have, the more you are understanding of online security you have then the more you can aware you will be of potential threats. As stated earlier, threats come from everywhere, insecure sites, emails, pop ups etc. The list goes on but the more of these you can understand the better you will be at identifying potential threats.
There is always more to do
This is just a very simple set of guidelines and a very general one that will apply to nearly everyone. This can be expanded on and can be tweaked to coincide with how your business works, it’s worth spending some time to research just how you can get the best help your workers to keep every aspect of your business safe. Security is very important, more and more of our information is put online and so we depend on it hugely and we invest a lot of money to ensure it is protected. Don’t allow a simple error (such as opening an insecure email) be the reason your system becomes the subject of an attack.
We can help
Training in how to avoid falling victim to “social engineering” attacks and how to stay secure online at home and in the workplace, can prevent most security issues before they have a chance to take hold and can save thousands in expensive recovery operations.
Provision of information security and access policies not only provide a benchmark in which to measure your organisations exposure to electronic threats but, when correctly implemented, ensure a defined structure on how to keep your data secure, how to respond to threats and clearly defines who is responsible for the various areas of your businesses electronic strategy.
In addition to the above, in many industries, it is a regulatory requirement to have these procedures and policies in place and, if the worst should happen, provides evidence of your due diligence.
– Nick Hill