Turn Your Team Into Your Greatest Security Defense
IT security experts will often tell you that employees are the greatest security vulnerability in any company. We warn of social engineering emails and phone calls, reused passwords, work emails used on personal accounts, and dozens of other behaviors that can put your business at risk for breaches and hacks.
According to a cybersecurity report by Kaspersky in 2019, 90% of data breaches occur due to human error. Other sources cite “employee negligence” as a top cause of data breaches. Negligence is its own issue, but it’s important to take responsibility as an employer for proper training that could prevent a data breach.
Employee education can save your company millions of dollars. Consider employee education and training the cheapest form of IT security available to companies of any size. Be sure to also take into account the potential costs of data loss—how much would you lose in time and resources in the event of a breach?
Instead of thinking of employees as a liability, consider your team to be a great untapped asset for network security. These five easy behaviors can make a huge difference in your security!
1. Lock your computer when you step away:
We may trust our coworkers with our PC, but there are security risks involved when you leave your computer unattended and open. When you walk away from your computer, take a second to press Windows Key + L to lock your screen and protect any sensitive data.
2. Avoid flash drives, especially “found” flash drives:
Flash drives are useful, but they can easily be loaded with malicious programs or used to steal data. One of the oldest forms of social engineering involves dropping a flash drive in a parking lot and waiting for an employee to pick it up, assume it is simply a lost flash drive, and plug it into a computer to see who it belongs to (or to snoop around). The drive can then install software on the employee’s computer, sometimes without the employee ever knowing. If it’s not your personal flash drive, avoid putting it in your computer.
3. Don’t let just anyone into your server area:
Be careful who you allow to access your server. Sometimes people will pose as IT providers to get physical access to it. If you did not have a scheduled appointment and don’t recognize someone who says they’re from Facet, you can always call us to see if we sent someone out to your location.
4. Verify email senders before clicking links:
Always check the “from” field in any email you get before clicking on a link. Many scams use fake links (and spoofed “from” addresses) to get your login information. If you get a password reset email or other account notice unexpectedly, go directly to the site in question via a browser rather than clicking the link in the email. Those couple of seconds can save you a lot of trouble!
5. Develop a healthy sense of skepticism:
The most important thing to teach your team is to treat most online and phone interactions with a healthy sense of skepticism. This means taking those extra few seconds to really think about something before pulling the trigger, and not letting a sense of urgency take over. For example, if you get an email with an offer, take a little extra time to verify that it’s a legitimate offer from a real, reputable company.
Employee training may take time, but the practice can save your business thousands in the long term. For more information, or to request on-site employee training, contact Facet today. We offer a variety of training, including phishing email simulations, training videos, and printed materials.