Your company might use iron-clad network protection and implement encryption across the board. However, your data and systems are still at risk of a cyberattack if you aren’t focusing on employee awareness. This risk exists because employees are behind a significant chunk of data breach incidents. These basic steps can help to raise employee awareness and ensure your company is protected.
Human Error Is a Major Cybersecurity Weak Point for Businesses
Employee negligence is a major cybersecurity issue for businesses of all sizes. Shred-It’s Ninth Annual Data Protection Report revealed that human error continues to be the driver of most data breaches. Fifty-three percent of C-suite executives cite external human error or accidental loss as primary problems. Twenty-eight percent of small business owners feel the same way. In the report, Ann Nickolas, Senior Vice President of Stericycle, says, “For the second consecutive year, employee negligence and collaboration with external vendors continues to threaten the information security of US businesses.”
A data breach can have severe consequences when you add up reputational damage and lost revenue. Employee retention can be a problem as well – 33 percent of respondents in the Shred-It survey stated that they are likely to seek employment elsewhere after their employer experiences a data breach. That goes for both breaches of consumer and employee data.
According to the 2020 Cost of a Data Breach report published by IBM and the Ponemon Institute, the average cost of each lost record is $146. As losing thousands of records during a breach is common, shoring up your employees’ cybersecurity habits is well worth the effort.
Use this security checklist for in-office and remote employees to figure out what steps your company can take to reduce the risk of a breach.
1. Train employees to recognize phishing emails
Email phishing attacks are common. With this type of cyberattack, a hacker sends an email that appears legitimate and asks the recipient to share information or download a file.
To protect against phishing emails, it’s important to use advanced email protection, which will help to weed out spoofed emails and other external threats. Also, make sure all of your employees understand what a phishing email looks like, what the risks are if they fall for one, and what they should do if they spot a message they think might be a phishing attempt.
2. Password Security
A strong password policy is often the first line of defense against cyber attacks, yet many organizations continue to follow outdated guidelines that expose them to significant risk.
According to Verizon’s 2020 Data Breach Investigations Report, lost or stolen credentials remain the number one hacking tactic used by malicious actors to perpetrate data breaches, with compromised or weak passwords responsible for 35% of all breaches.
While sharing a password might seem convenient and harmless, it can have serious consequences. Passwords should never be shared with others. Period.
Use different passwords for different accounts. That way, if one account is compromised, at least the others won’t be at risk.
Password Length & Complexity
Length trumps complexity. The longer a password is, the better. Use at least 16 characters whenever possible. Make passwords that are hard to guess but easy to remember.
3. Require Multi-Factor Authentication (MFA)
With Multi-Factor Authentication, even if a hacker steals an employee’s password, they will still be locked out of the device or system. This is how it works: an employee uses a password plus another identifier, such as biometric data or a code sent to their email or phone number. Since a hacker can’t steal biometric data and likely doesn’t have someone’s device as well as their password, their chances of breaking in drop to nearly zero.
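As an added example (not code from the original article), the Python sketch below shows the mechanism this section describes: a login that succeeds only when both the password and a time-based one-time code from the employee’s phone check out, so a stolen password on its own is rejected. It also applies the 16-character minimum from the password section at enrollment. The in-memory user record, the PBKDF2 password hashing and the choice of an RFC 6238 TOTP code as the second factor are assumptions made for the demo.

```python
import hashlib
import hmac
import secrets
import struct
import time

MIN_PASSWORD_LENGTH = 16  # "length trumps complexity": 16 characters minimum
TOTP_STEP = 30            # seconds per one-time code, as used by phone authenticator apps


def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, deliberately slow hash so a stolen record does not reveal the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def enroll(password: str) -> dict:
    """Create a constructed, in-memory user record: password hash plus a TOTP secret."""
    if len(password) < MIN_PASSWORD_LENGTH:
        raise ValueError(f"password must be at least {MIN_PASSWORD_LENGTH} characters")
    salt = secrets.token_bytes(16)
    return {"salt": salt,
            "pw_hash": hash_password(password, salt),
            "totp_secret": secrets.token_bytes(20)}  # also loaded into the employee's app


def totp(secret: bytes, at_time: float, digits: int = 6) -> str:
    # RFC 6238 time-based one-time password: HMAC-SHA1 over the 30-second counter.
    counter = struct.pack(">Q", int(at_time // TOTP_STEP))
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def login(record: dict, password: str, code: str, now=None) -> bool:
    """Succeed only if BOTH factors check out; a stolen password alone is not enough."""
    now = time.time() if now is None else now
    password_ok = hmac.compare_digest(hash_password(password, record["salt"]), record["pw_hash"])
    # Accept the current code and one step either side to tolerate small clock skew.
    code_ok = any(hmac.compare_digest(totp(record["totp_secret"], now + d * TOTP_STEP), code)
                  for d in (-1, 0, 1))
    return password_ok and code_ok


if __name__ == "__main__":
    record = enroll("correct horse battery staple")  # constructed demo password
    phone_code = totp(record["totp_secret"], time.time())  # what the authenticator shows
    print("password + code:", login(record, "correct horse battery staple", phone_code))
    print("password only:  ", login(record, "correct horse battery staple", "abcdef"))
```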
4. Establish a data breach policy
What an employee does after a suspected data breach will determine how quickly your business recovers. If they don’t act quickly by alerting your IT team, a hacker may have enough time to infiltrate your systems and do extensive damage. With a fast response, it’s possible to lock down your network and mitigate the risks.
Tell your employees who they should contact if they notice a suspicious email, receive a security alert, if their device is stolen, or if they believe something is amiss with your company’s networks. Also, let them know they won’t be reprimanded if they fall victim to an attack. Employees should know they have their employer’s support. Otherwise, some people may not speak up when there’s a problem.
5. Discuss mobile device usage
If employees are using their smartphone or another personal device for work, teach them how to use their devices securely.
- Always install the latest updates to ensure they’re running the newest version of the operating system. These updates often include critical security fixes.
- If your company isn’t using a virtual private network (VPN), employees need to be very careful about what network they use when accessing business apps remotely. Only log on when using a secure network. They shouldn’t ever use public networks such as those found in coffee shops and airports.
- Practice good flash drive hygiene – only use company-issued drives. Once one leaves the office, it should be wiped clean or discarded upon return.
Make Cybersecurity a Part of Your Work Culture
Following cybersecurity best practices such as using two-factor authentication, avoiding suspicious emails, and practicing good password security can go a long way in protecting against an attack. But, if cybersecurity isn’t a part of your work culture, it’s easy for these best practices to be forgotten.
Cultivate a cybersecurity-aware culture by openly talking about risks, updating your employees about new best practices, providing training for new employees, and refreshing knowledge with regular internal messaging such as company-wide emails or training meetings.