Here at Advantio, we constantly promote better security practices. We encourage you to make sure that your business is PCI DSS compliant; we have written about making sure that you consider security practices during your Software Development Life Cycle (SSDLC); we have also offered up information about the growing trend of the Internet of Things. But what about the Cyber Security practices for your employees themselves?
As employees have more passwords to remember, more devices to keep track of and more rules to follow, the potential is high for any employee, at any level in your company, to slip up. Should that happen, the effects could be devastating, as confidential data or customer information could fall into the wrong hands, rendering your company liable for legal action and in some cases exposed to fines from financial institutions.
That’s why you should do what you can to make it far less likely that your sensitive information and assets get stolen. You need to teach and promote Cyber Security best practices to keep your business protected, and in this article we are giving some suggestions.
If eyes are the windows to the soul, then passwords are the windows to the employee's entire digital footprint. It is absolutely remarkable how many people do not know how to put together secure passwords (something demonstrated by the fact that people still use simple passwords like '123456' and 'password' in the year 2014), nor are they aware that having the same password for multiple accounts (especially your corporate and personal accounts) is a "grade A" bad idea.
Your employees should be encouraged not just to change their passwords regularly but to ensure that when they do change them, the new ones are actually smart and not so easily guessable. Secure passwords should be lengthy, they should contain numbers and a mix of lowercase and uppercase letters, and they should chuck a few symbols in there too.
As such passwords may be a pain for your employees to remember, it may also be a good idea to get them using a secure password manager. With password managers, your employees will be able to log into the various accounts that they have using one central master password. In doing this, their individual accounts will be protected (many password managers encrypt their information) but they won’t have to remember all of their passwords.
Something that is also surprising is that many people (again, at all levels of business) do not know what does and doesn't leave their computer open to potential threats. It may be fine for them to download endless amounts of files, be they a million and one photos from joke sites or questionable MP3s, but at work, your employees need to know what is and isn't going to fly.
Understandably, each company may have a different tolerance to what employees can put on their computer (for example, having downloads from iTunes may be perfectly acceptable but those from torrent sites may not) but either way, this should be clear. If it's unclear then your employees may take that risk anyway, explaining after a breach that they thought they were being careful. Take steps to limit this before it happens.
In fact, it's a very good idea to have clear cyber security rules in general. We understand that for employees not well-versed in the ways of IT Security and for those who had never considered it an issue, it may be difficult to keep up with all of the rules that you task them with, so having them follow a task list is the best way forward.
Again, these rules may be different for each company but some basics include how to back up data, how to put together passwords, what employees shouldn't be downloading and what they should do if they see something suspicious. Data backups are handy as, in the event of accidental deletion or even a breach, a data backup can quickly restore the lost files and the employees can carry on with their work. Clear download rules ensure that your employees' computers will stay clutter free once they have tidied them up, and a 'how to' for passwords will mean that when they periodically refresh their password, they won't forget how to make it a strong one.
As for what employees should do if they see something suspicious, this is a helpful guideline as it will challenge your employees to stay vigilant. It's not uncommon for people to simply ignore changes with their computer, because they may not know whether those changes are bad or good, but you should be teaching your employees to stay aware. The appearance of an odd pop-up, for example, could be proof of a virus/malware or it could just be the computer doing a regular maintenance check. At least with a rule related to suspicious goings-on, your employees will know how to report it.
These may also be a good fit for your IT Security rulebook:
Advantio can help you get your team up to speed with Cyber Security best practices to keep your business protected. We can help you create guidelines and spread a security culture among your employees.
Marketing Director at Advantio. The articles published in the Advantio Blog have the goal of supporting our mission: making IT Security simple for everyone.
My intention is to discuss IT Security related topics through the eyes of a non-technical person, speaking a simple language and trying to show readers the benefit of IT Security best practices.