Cyber attacks use malicious code such as viruses and ransomware to modify computer code, data, or logic, culminating in destructive consequences that can compromise your data and business. No amount of physical protection or software tools can provide 100% security for your computers and network. Most security experts also agree that the biggest risks are your users, and educating them will be the most important aspect. Your goal is to reduce the risk of and from attack to the greatest extent possible, and educating your employees may be the most effective method for mitigating risk.
Educating employees about how they can be compromised is the first step. In today's digital world, there are so many potential security risks that they must be aware of in order to protect themselves:
- Identity theft
- Corporate espionage
- Malware (viruses, trojans, adware, phishing, ransomware, etc.)
- Carelessness with passwords
- Lost or stolen equipment
- Sharing of computers
- Intrusion from unsecured networks
There are numerous online and commercial education resources for training your employees. Education needs to be supported by policies and procedures documented in your organization. We use a Professional Employer Organization (PEO) who helped us update and maintain our employee manual. Your employee manual should include guidelines for protecting the company from cyber threats through vigilance.
This often starts with passwords. Even if your technology team already requires complex passwords that must be changed on a consistent basis, the policy will be useless if the password is posted on a note attached to the user's monitor or on a card in their top drawer. It is unlikely that all your computers will have biometric login devices like Windows Hello or a fingerprint reader, so educate your users on how to create easy-to-remember passwords that are complex and aren't their child's name with a number 1 and an exclamation point. Simple methods, like using lyrics from your wedding song, can help. A long password can often be easier to remember than a cryptic one from a random password generator, and experts have found that the longer the password, the harder it is to break.
What sounds like common-sense security is often news to the uneducated. Teach your employees never to talk to people from the bank or credit card company asking for information about corporate assets. Have employees direct any caller to your security expert or controller, who can call the company's contact. Codifying these policies is only effective when combined with education and periodic reinforcement.
In our experience, a huge percentage of intrusions come via e-mail. In the next installment on cyber security we will provide guidance and insights on specific education for employees on phishing and how to protect themselves from malicious e-mail. If you can't wait to learn more, contact one of our representatives at firstname.lastname@example.org or call one of our solution experts at 678-627-0646 x230.