Did you know that the global cost of cyber crimes will go over $2 trillion by 2021? It’s also just not government agencies or large corporations that have to worry about cyber attacks and data breaches. Small businesses are actually the biggest target for cyber criminals because they often have smaller IT teams and less security.
Top Tips for Employers to Prevent Cybersecurity Risks from Employees
Are your employees protecting your company from cybersecurity problems, or are they unknowingly opening up major holes in your networks, which could allow security breaches and data leaks.
1. Create Stronger Passwords
Many companies are now requiring stronger passwords with longer and more complicated strings. One employee’s weak password could put your entire organization’s network and data at risk. However, many employers let their employees choose and set their own password for important applications that link directly to company and customer data.
There are lists of the worst passwords and best passwords, but every company should develop a policy and allow IT to select certain passwords in areas where there are vulnerabilities. You may need to talk to your employees and provide training on password security to improve this process, which can ultimately save you from a lot of cyber headaches down the road.
2. Watch Out for Phishing Scams
If your employees or even company departments post their email publicly on websites, then you’re opening yourself up to a lot of unwanted email from spammers and scammers. Phishing scams are still one of the leading causes of vulnerabilities, particularly in small businesses that don’t have any email security.
Employees also need to recognize what phishing emails look like, such as suspicious links, spelling mistakes, requests for sensitive information, and typically very urgent language that makes it seem like you have no choice but to provide this information. Employees should be warned of suspicious domains and email attachments, as downloading anything from a phishing email could put viruses on your network that may be hard to identify at first.
3. Discuss Process for Software Downloads and Installation
If the marketing department finds a new SEO tool and downloads this new tool off of a website, is it secure enough for your company? Does it connect to any networks or applications that could infiltrate your servers? These are some of the issues that aren’t considered by small businesses when trying to leverage new tools in the workplace. If applications need sensitive access, your IT and cybersecurity team should investigate first for any security vulnerabilities prior to installation.
In fact, you should limit all downloads on company machines, especially private downloads off unsecure networks. You also want to make sure that all downloads are checked through a comprehensive antivirus and spyware program.
4. Always Address Security Updates and Protocols
What if your application needs an update? Will it change anything on your server’s settings that could make it vulnerable? Constant reminders to update your software can be annoying, but in many cases, companies are on older software for a reason: they don’t want to solve for new security issues after the update.
However, many hackers learn vulnerabilities on older software, which is why security updates are so important. You should update your virus definitions and software daily, but you also want to do a thorough cybersecurity audit every month or each quarter to identify new risks. However, other industries have entire teams dedicated to round-the-clock cybersecurity monitoring.
We're here to help! Call Ekaru at 978-692-4200
Want to learn more? Download the info sheet to share with your team.