Hackers are smart and every day they’re coming up with more and more intelligent ways to breach networks with viruses, malware and phishing attempts. We recently outlined a spear phishing attempt that appeared to be sent from one of the recipient’s contacts. It went as far as taking that person’s e-mail signature and placing it within the e-mail. 43% of companies have experienced a data breach in the past year, according to an annual study on data breach preparedness by Ponemon Institute. We identified even more staggering statistics regarding IT security in our recent infographic, stating that cyber-attacks against small businesses were up 300%. These statistics are screaming loud and clear that the need to be vigilant regarding your IT security it of the utmost importance. It starts with your network, devices and management – but ends with your employees. One of the best ways to improve the state or your IT security and reduce your risk of breach is to train your employees.
Educate your employees on the dangers of plugging in external devices.
Many don’t realize that plugging in their own thumb drive, external hard drive or even smartphone can infect their business workstation and put the entire network at risk. USB drives are a great way to transfer data to other workstations or take data to a meeting, but they’re also a huge security hole. Malicious software can be placed on USB drives that can redirect internet traffic and take over a PC. It’s important that employees use best practices methods for transferring data be very careful to analyze all data on the USB and be wary of accepting free USB drives.
Educate employees on the dangers of public wifi.
Businesses should also take time to educate their users on the dangers that linger when connecting to public wifi. Employees travelling connect to wireless at airports, in coffee shops, at hotels and convention centers. When employees connect to these networks, they have the potential to not only compromise any credentials that they input on that network, but also their machine before they bring it back to your network. Educate your users on the importance of opting in to each public wireless network carefully, as certain network configurations allow the administrators to read the text or e-mails and even the user credentials. Encryption software is a great way to help protect data, but you should also educate users on only selecting reputable wireless networks.
Request that they use good judgment and be vigilant about online activities.
“If you see something, say something” is a very popular security phrase that cities use to get help from their inhabitants and increase security. Asking your employees to use logic when interacting with strange e-mails, perceived threats and on social media is crucial. Just by planting the seed that security is partly their responsibility can make them think twice before entering credentials or sending sensitive information that has been requested. Make sure that they understand to never blindly send information requested and to always verify that the site they are signing in on is secure and official before inputting credentials.
Use an external training service.
Dell Security is just one example of a company that offers user training and testing services in order to educate on best practices regarding internet and device security. These services can train your users with an online video, test them and even execute field training where they send out a fake malicious e-mail and exact further training based on the results of that e-mail. The more training that your employees receive on information security and best practices, the more you reduce the risk of attack and data compromise.
The bottom line is that the security of your business depends largely on not only your investment in management and monitoring tools, but also the level of care your employees place on your company data and utilizing best practices when logging in, logging out, using wireless networks, external devices and in their everyday browsing habits. Knowing that the state of your business relies so heavily on your employees being vigilant about security means that it’s time to educate them.