When it comes to information security, it’s the employees that are positioned as the most important factors. Any company should have a cybersecurity policy that is comprehensive enough for both managers and co-workers alike to follow. But even while having all these protections, it’s very important for everyone to remain on guard, just so one can ensure the company’s network and data are safe and secure.
Should there be a difference, whether you work at a midsize or small company? Hackers like to go for the big organisations, but even the smaller organizations can sometimes make attractive targets. Why? Because many cybercriminals believe that the smaller businesses usually have less controls in place, making them easier to exploit.
Your company could have the most comprehensive office policies, along with cutting edge security software, but its’ the actions of each and every employee, that determines how safe a company’s data will be. The reality is, that all it takes is for one employee, to make the mistake of sharing sensitive data on their mobile device or for them to click on the wrong link, and you’ll have a data breach.
When you’re an employee of a midsize or small company, it’s very important that you learn the cybersecurity best practices. If you take the time to learn all the finer details of cybersecurity, it can help you massively towards protecting your organisations data.
1. Protect Your Data
During your day to day life, it’s most likely that you try to avoid sharing identifiable information about yourself, such as credit card details or social security numbers, whenever you’re answering a text message, unsolicited email, instant message or phone call. This is the same kind of caution you should exercise while at work. One thing to think about is the fact that cybercriminals are capable of creating websites and email addresses that appear legitimate. Scammers are capable of faking a caller ID. Hackers are able to take over the social media accounts of a company and send out messages that look legit.
Though something you’re probably already aware of, but we must reiterate. Never leak intellectual property or sensitive information on your company. For example, if you were to share a seemingly harmless picture online, that had a computer screen or whiteboard in the background, it could accidentally reveal information that the company doesn’t want others seeing.
Additionally, you want to be respect and careful enough to respect the intellectual property of other organisations. Even if it’s unintentional, using the IP or sharing trade secrets of other companies is capable of getting, not just you, but also your company in trouble.
The creation and distribution of effective business policies should help protect the customer, employees and company data. Such a policy should contain information on how to destroy data that is no longer of any use, and what to do when you encounter suspicious emails or in the event of a ransomware attack.
2. Complex Passwords and Multi-Factor Authentication (MFA)
Do you think it’s impossible for someone to figure out that you’ve chosen your daughter’s name or your father’s birthdate as your password? Well think again. Cybercriminals have password hacking tools that are capable of guessing difficult passwords in a matter of seconds. When we look at traditional advice on creating a complex password, we see that the recommendation is a minimum of 12 characters. Which should be a mix of symbols, numbers, and upper and lower case text.
While on the surface this may seem like enough, in reality, this isn’t nearly enough, as most security professionals nowadays, recommend that you use multi-factor authentication. Two factor authentication for example, is a security system which requires the user to complete two authentication factors in order to gain access to their account, program or resource.
3. Expect Compromise
At any given time, you can expect a security breach or at the very least, a security incident. So you have to accept that reality. The best approach is to make yourself prepared for any situation, that way you’ll be able to better reduce the amount of damage that is done in the event of such a situation. In addition to that, you want your company or business to have all the appropriate equipment to be able to detect a security incident as soon as they occur. This means two things. One, having the security technology in place to be able to detect and analyse any and all suspicious activity, and two, having a workforce that is educated on the various signs to look out for, and how to report them, when they occur. You want your business to have a culture of honesty, one that doesn’t punish any one employee for any little mistake. Otherwise, employees may choose to hide any errors they make, which can make any bad situation even worse.
4. Invest In Security Systems
For the smaller business, there may be a certain level of hesitation, when looking at the large amounts of money that the very best security systems demand. Such systems usually include protection such as malware and antivirus protection, running consistent and regular system check-ups, external hard drives, for back-up systems and more. Put, pooling all that required funds together to make the investment as early as possible, can end up saving a company and its employees potential financial woes some time down the line – when a breach occurs.
Any and all devices that are used either in the work place or at home, should have some form of protection software attached to it. It’s very important that the company provides information security for the workplace. With the employees doubling up, by notifying the Information Security Manager or IT department, every time they encounter something that they deem suspicious. As this could be a flaw in the system that the security department needs to fix. And the quicker you’re able to report this, the better it is for the employee and the company. Some security issues could have been easily avoided, if they were just tackled in time.
AUTHOR INFO
Uchenna Ani-Okoye is a former IT Manager who now runs his own computer support website https://www.compuchenna.co.uk/.
Read More:
Cybersecurity Laws in the United States