If you’re a business owner, you know that the people you bring in can be the key to making your business a success. But no matter how amazing your employees are, there’s one area where they can be your biggest weakness: cybersecurity. Nothing personal against them: it’s a human thing. We’re all unintentional cybersecurity risks, simply because people are much easier for cyber attackers to exploit than security software is.
The good news is, there are ways to make your people stronger cybersecurity champions. Educating employees about cyber attacks and online safety can make a huge impact in risk reduction, and you can start with these 3 Ps: passwords, process and perception.
Shockingly, passwords like “Password123,” “LetMeIn,” and, yes, even “football” continue to dominate the top-used password lists year after year. Implementing more stringent password requirements—like requiring more complex passwords, ensuring different passwords are used across various logins, changing them frequently, and making sure they’re not written down anywhere obvious or shared with anyone—can help beef up security. An even more reliable solution is to use a password manager, such as LastPass or Dashlane, to create randomized passwords.
Make sure you have a protocol in place for employees to immediately report any malicious files, stolen devices, or suspicious activity. Having a process that employees can follow, and personnel who are dedicated to handling these threats, can minimize the damage done when a potential attack is first detected.
Phishing is one of the most-used tactics of hackers, so knowing how to identify the social engineering techniques these cyber attackers use leading up to an attack can help avoid the breach. Make sure your employees question—and report—unknown individuals who call looking for personnel information (like names, titles, email addresses, etc.). Have them watch out for emails from unknown sources that ask them to download files or click links, even if the sender seems knowledgeable about your business in the content of their email. And only send documents to trusted and verified recipients—ideally, using cloud storage and transfer rather than email, as it’s a more secure way of ensuring the file goes only to the intended recipient.
These are the easiest first steps you can take in protecting your company from within. Proper training for employees should be an ongoing process, however, and it’s best to consult an IT professional to help identify some of your company’s existing weaknesses and strengths, and to build a custom training plan that works for your business. Start with these basics, and keep cybersecurity as a priority in your employee training process.