7 Security Best Practices to Teach Your Employees
These days, it’s not too far of a stretch to say that business lives and dies on computers.
After all, the benefits of going digital are clear. Greatly improved efficiency is reason alone, but data analytics and social media monitoring can take things to a whole new level, and that’s just the tip of the iceberg.
Of course, catch any moderate-sized dealership when its systems are down, and watch as even the most efficient business processes grind to a halt. That’s why it’s so important to have a crack team of experts handle your IT infrastructure and services, ready to respond to any technical need.
But it’s not just the risk of system failure that you need to be aware of. Making the switch to digital means opening yourself up to a whole new range of security risks that you and your employees will have to understand and defend against if you’re going to ensure the safety of your business.
In today’s entry, we list the 7 most important security best practices to teach your employees to keep your business safe.
1. Keep Accounts Secure
At the most basic level, every computer needs to be secured with a password to prevent entry by unauthorized personnel. And with so many tools and applications moving to the cloud, a single person may require more than a dozen accounts and services across the internet.
It then becomes tempting to just keep an easily memorized password that you can use for every account. I’m sure I don’t have to tell you the obvious danger in that scenario. If your password is ever guessed or acquired, everything would be compromised at once!
Create Secure Passwords
The United States Computer Emergency Readiness Team, in its circular on creating strong passwords, recommends a password philosophy with the following characteristics:
- No personal information
- No words from the dictionary
- Include characters from at least 3 of the following 4 sets: uppercase letters, lowercase letters, numbers, special characters
- Use the longest possible password
You can also opt to use a password manager to ensure security across all accounts while simplifying password memorization.
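The checklist above can be turned into an automated password policy check. The following is an added example written for this article, not code from US-CERT or from any password manager; the tiny dictionary, the leet-speak substitutions and the 12-character minimum are assumptions chosen for illustration, and a real deployment would load a full word list and set the minimum length according to its own policy.

```python
import string

# Constructed mini dictionary for the example; a real check would load a full word list.
DICTIONARY_WORDS = sorted({"password", "welcome", "summer", "dragon", "monkey", "letmein"})

# The four character sets named in the US-CERT guidance.
CHAR_CLASSES = {
    "uppercase": set(string.ascii_uppercase),
    "lowercase": set(string.ascii_lowercase),
    "digits": set(string.digits),
    "special": set(string.punctuation),
}

# Minimal leet-speak normalization so that "P@ssw0rd" is still caught as "password".
# This map is an assumption for the example, not an exhaustive list.
LEET_MAP = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i",
                          "3": "e", "4": "a", "5": "s", "7": "t"})


def check_password(password, personal_info=(), min_length=12, min_classes=3):
    """Return a list of policy violations; an empty list means the password passes.

    personal_info: strings the user should not reuse (name, username, birth year, ...).
    Checks run in the order of the article's list: personal info, dictionary words,
    character classes, length.
    """
    violations = []
    lowered = password.lower()
    normalized = lowered.translate(LEET_MAP)

    # 1. No personal information (only fragments of 3+ chars are meaningful to match).
    for item in personal_info:
        item = item.lower()
        if len(item) >= 3 and (item in lowered or item in normalized):
            violations.append(f"contains personal information '{item}'")

    # 2. No dictionary words, including common leet-speak disguises.
    for word in DICTIONARY_WORDS:
        if word in normalized:
            violations.append(f"contains dictionary word '{word}'")

    # 3. At least min_classes of the four character sets.
    present = [name for name, chars in CHAR_CLASSES.items()
               if any(c in chars for c in password)]
    if len(present) < min_classes:
        violations.append(
            f"uses only {len(present)} of {len(CHAR_CLASSES)} character classes "
            f"(need {min_classes})")

    # 4. Use the longest possible password; enforce a floor.
    if len(password) < min_length:
        violations.append(f"shorter than {min_length} characters")

    return violations


def is_acceptable(password, personal_info=()):
    """Convenience wrapper: True when check_password finds nothing to complain about."""
    return not check_password(password, personal_info)


if __name__ == "__main__":
    # Constructed sample passwords for a hypothetical user "alice", born 1987.
    user_info = ("alice", "1987")
    for candidate in ("P@ssw0rd1", "alice-Summer2024!", "correcthorsebatterystaple",
                      "xq7!Lm#2pZ9&vT"):
        result = check_password(candidate, user_info)
        print(f"{candidate!r}: {'OK' if not result else '; '.join(result)}")
```

Running the module prints one line per sample password; the only candidate that passes every check is the random-looking one, which is exactly the kind of secret a password manager exists to remember for you.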
For further security, whenever possible, it is absolutely necessary to make use of multi-factor authentication (MFA), as this ensures that even if a machine and a password are both compromised, they can’t be used to gain access without the additional authentication device. MFA is a great way to give yourself a failsafe should the worst-case scenario occur.
2. Protect Against Phishing Attacks
When the word “hacking” comes to mind, many people probably visualize glamorous images of masterful tech geeks tapping away at keyboards, defeating firewalls and stealing data like modern wizards.
However, the reality is that a huge amount of hacking takes place over email or over the phone, tricking unsuspecting humans into sharing important information. This is known as social engineering, and defending against it is a critical skill to learn in the digital age.
What is “Phishing”?
One of the most common social engineering techniques is known as phishing, in which an attacker pretends to be a trusted individual or reputable organization, and tricks a target into sharing information.
A variety of techniques may be employed – some attacks pretend to be a security person from the company and claim that the target’s security has been compromised, while others might use fake web pages designed to look just like the real thing, allowing them to ask for login information that can be stored and used on the real deal. They may even pretend to be the CEO.
To protect against phishing, you should be familiar with the many kinds of phishing attacks in detail, and instruct your employees not to respond to such requests unless they’ve come through official channels. This is a difficult step, and it may be advisable to hold a security workshop to help your employees out.
3. Have Anti-Malware Software on Every PC
Malware can certainly ruin your day in a variety of ways, from crashing a PC to stealing your confidential information. There’s even the horrifying risk of ransomware, which can never be overstated.
Having anti-malware software at the ready to defend against infection is an absolute must for every machine that is connected to your network, whether it’s a laptop, a desktop, or a mobile device.
4. Never Use USB Storage Devices
A huge number of infection vectors for malware come from USB devices. The mechanism is simple—plug a USB device into an infected computer, and malware gets downloaded onto it surreptitiously. Then when it makes its way over to a company computer, the malware is deployed and the company computer is now infected, ready to open its arms (and drives) to the malware creators.
Secure cloud storage and transfer solutions are gaining ground as the preferred means for data transmission. However, if USB storage devices absolutely must be used, make sure that some kind of anti-malware software is used, one which can scan portable devices before they’re allowed access to the machine.
5. Encrypt All Storage Devices In Use
Business-ready operating systems often have the ability to encrypt their storage drives. Many external drives also come with some manner of software or hardware encryption. Make use of these tools so that even if a machine is stolen, none of the sensitive information within can be accessed.
6. Avoid BYOD Schemes – or Implement Unified Security Protocols
Bring Your Own Device is a popular scheme in many businesses. Employees are often happier and feel more in control under such schemes, and it’s cheaper and easier to onboard these devices than to deploy company phones.
However, in terms of security, individuals are far more lax with their personal devices than a company would be. This means less robust device security software, fewer data-safety protocols, and other pitfalls that could be weak points in overall security.
This is why, as much as possible, you should try to avoid BYOD so that you can maintain as much control as possible over security. However, if BYOD is a must for any reason, then ensure that every device is equipped with company security tools, and every employee is instructed on the implementation of security protocols.
7. Always Have Data Backups at the Ready
One effect of a successful hack is that data may be compromised, destroyed, or otherwise rendered inaccessible. It is therefore imperative that any business keep backups of all data in case this happens.
These backups should be regularly updated, and follow the “3-2-1 rule”:
- Three total backups
- Two onsite
- One off-site
Having such a backup protocol will not only protect your data during attacks but will also protect it from disasters such as fires or earthquakes that could physically damage the data storage.
Security in the digital age can be a real challenge to wrap your head around—with so many tools and protocols developed to combat threats, and the threats themselves evolving in response. It’s great to start with a working knowledge of these threats and understand how to protect against them.
However, these threats are changing every day, and you need to be able to respond to them, whatever they are. This basic awareness is just the start of what should be an ongoing effort to keep your security knowledge up to date!