Here at Advantio, we constantly promote better security practices. We encourage you to make sure that your business is PCI DSS compliant; we have written about making sure that you consider security practices during your Software Development Life Cycle (SSDLC); we have also offered up information about the growing trend of Internet of Things. But what about the Cyber Security practices for your employees themselves?


As employees have more passwords to remember, more devices to keep track of and more rules to follow, the potential is high for any employee, at any level in your company, to slip up. Should that happen, the effects could be devastating: confidential data or customer information could fall into the wrong hands, exposing your company to legal action and, in some cases, to fines from financial institutions.

That's why you should do what you can to make it far less likely that your sensitive information and assets get stolen. You need to teach and promote Cyber Security best practices to keep your business protected, and in this article we offer some suggestions.

Promote the use of secure passwords

If eyes are the windows to the soul, then passwords are the windows to an employee's entire digital footprint. It is remarkable how many people do not know how to put together secure passwords (demonstrated by the fact that people still use simple passwords like '123456' and 'password' in the year 2014), nor are they aware that using the same password for multiple accounts (especially corporate and personal accounts) is a "grade A" bad idea.

Your employees should be encouraged not just to change their passwords regularly but to ensure that, when they do change them, the new passwords are actually smart and not so easily guessable. Secure passwords should be long and should contain numbers, a mix of lowercase and uppercase letters, and a few symbols too.

As this may be a pain for your employees to remember, it is also a good idea to get them using a secure password manager. With a password manager, your employees can log into their various accounts using one central master password. Their individual accounts stay protected (most password managers encrypt the stored credentials), but they won't have to remember all of their passwords.

Keep all computers "clean"

Something that is also surprising is that many people (again, at all levels of business) do not know what does and doesn't leave their computer open to potential threats. At home it may be fine for them to download endless amounts of files, be they a million and one photos from joke sites or questionable MP3s, but at work your employees need to know what is and isn't going to fly.

Understandably, each company may have a different tolerance for what employees can put on their computers (for example, downloads from iTunes may be perfectly acceptable while those from torrent sites may not), but either way, the rules should be clear. If they are unclear, your employees may take the risk anyway, explaining after a breach that they thought they were being careful. Take steps to limit this before it happens.

Create a corporate security policy...and train your team

In fact, it's a very good idea to have clear cyber security rules in general. We understand that for employees not well versed in the ways of IT Security, and for those who have never considered it an issue, it may be difficult to keep up with all of the rules you task them with, so giving them a checklist to follow is the best way forward.

Again, these rules may differ from company to company, but some basics include how to back up data, how to put together passwords, what employees shouldn't be downloading and what they should do if they see something suspicious. Data backups are handy because, in the event of accidental deletion or even a breach, a backup can quickly restore the lost files and employees can carry on with their work. Clear download rules ensure that your employees' computers stay clutter free once they have been tidied up, and a 'how to' for passwords means that, when employees periodically refresh their passwords, they won't forget how to make them strong.

As for what employees should do if they see something suspicious, this guideline is helpful because it challenges your employees to stay vigilant. It's not uncommon for people to simply ignore changes on their computer because they don't know whether those changes are bad or good, but you should be teaching your employees to stay aware. The appearance of an odd pop-up, for example, could be a sign of a virus or malware, or it could just be the computer doing a regular maintenance check. With a rule covering suspicious activity, your employees will at least know how to report it.

Also keep your team's eyes open for...

These may also be a good fit for your IT Security rulebook:

  • Advise your employees about USB security: how to keep track of USB drives (e.g. carrying them on their person wherever they go), how to encrypt them, and the dangers of plugging in a USB drive when they are not entirely sure what's on it.
  • Put rules in place about using secure keychains for storing credentials, or implement strong authentication.
  • Make sure that employees know not to connect to insecure networks, such as public ones. And if they do have to connect to such networks, remind them to use SSL encryption or a VPN and to check for invalid security certificates.
  • Remind your employees about email safety. They should be wary of unfamiliar email attachments and unknown senders, and they should also know not to use their company email address with other services on the web, as you cannot guarantee that their email address is safe with these services and things like this can happen.
  • Provide tips on how to avoid social engineering, as malicious users may use phone calls or in-person conversations to get confidential information out of them.

Think about training your team.

Advantio can help you get your team up to speed with Cyber Security best practices to keep your business protected. We can help you create guidelines and spread a security culture among your employees.

Written by Igor Mancini

Marketing Director at Advantio. The articles published in the Advantio Blog have the goal of supporting our mission: making IT Security simple for everyone.

My intention is to discuss IT Security related topics through the eyes of a non-technical person, speaking a simple language and trying to show readers the benefit of IT Security best practices.