In an age where we hear of data breaches regularly, it becomes a challenge for business owners and managers to safeguard their customer and employee data. While some data breaches are the result of hackers attacking your network, sometimes the breaches come from within. An employee that has not been trained on basic cybersecurity protocols can be the downfall of an entire company. To aid in the education of employees, here is a lists of tips to protect your company’s data.
Consistency is Key
There are a few things that you do on the daily basis that should be considered cybersecurity 101:
- Use a strong password and change it regularly. Use at least 3 character types, at least 8 characters long, and change it every three months.
- Keep your passwords private. If you need to have a spreadsheet with your passwords, encrypt it with a password that you will always remember. Do NOT keep your passwords in a notebook or printed out on your desk.
- Don’t install software or insert media without permission. Many companies have IT blocks on your computers that prevent this, but do not install things like Pandora or even insert a USB drive into the computer without permission. All these can open doors to the sensitive data on your network.
- Lock your station when you get up even for a minute. On a Windows computer, you press the Windows button and the L key at the same time. On a Mac, you will need to enable one of the several ways to lock your screen. Requiring a password when you return is also key to security.
- Keep your computers updated. All computers and software need to be updated occasionally. Many times these include security updates for the operating system that fixes newly discovered security risks.
3 Threats from Within
Accidental: These data breaches are sometimes unavoidable and it is important to secure the data as soon as possible after a breach. According to a report in 2017, accidental breaches in the healthcare sector account for 42% of all incidents. Sending the wrong attachment, selling a filing cabinet full of papers, or simply lost mail can all contribute to accidental data breaches.
Negligence: Neglecting basic security measures opens doors to your data every day. If an employee connects to your server over an unsecured network like a coffee shop, anyone else on that network can use the opening to hack into your systems. Downloading programs from untrusted websites can lead to viruses that eventually get into your entire system. Phishing scams are also an easy way for people to get into your system by asking for them to wire money or provide login credentials. The only way to prevent these types of breaches is to properly train your employees on cybersecurity basics.
Malicious: Even though it may sound like something out of a spy movie, corporate espionage from within is a real threat if you have a sensitive data. Terminated employees that still have an active login, an unhappy employee wanting to do damage, and clandestine undercover operations in favor of your competitors are all rare, but are still possibilities.
HR as a Cybersecurity Resource
Typically, cybersecurity training for employees is handled by the IT department, however a recent EBN article suggests that the Human Resources department can play a key role in these efforts. The contribution of HR can be as small as reminding employees to change their password, to combining this training with other company information that is regularly reviewed by employees. HR adds a human element to the sometimes confusing techno-babble of cybersecurity, leading to a greater understanding by the employees and more secure company data. A great resource for training on cybersecurity, HIPPA, and many other topics is ThinkHR. They provide an easy-to-use online training platform that allows you to assign and track training modules.
If your company is looking for benefit education, financial literacy, or help navigating ACA regulations, call a benefits consultant today.