Contrary to popular belief, cyber attacks can affect small businesses. In fact, hackers often target smaller companies because they expect them to be less prepared and fortified.
As a business owner, understand that your employees may be your best line of defense against these attacks.
Protecting, Empowering, and Leveraging Employees.
According to data published in the Verizon 2019 Data Breach Investigations Report, 43 percent of all cyber attacks target small businesses. In other words, your small business isn’t just at risk of getting caught in the crossfire – it could actually be a target for cyber criminals who are looking for easy, unprotected victims.
While there are numerous steps you can take to protect your organization against cyber threats, it’s wise to start with your employees. They’re the ones who control the ingress and egress of information, protect and use data, and have relationships with people outside of the organization. They access confidential information, know more than they probably should, and don’t always possess an accurate understanding of the external threats the organization faces in a dynamic and hostile digital ecosystem.
Your employees have a direct impact on your company’s overall security. They either expose you to risk, or they help protect you from it. Here are some thoughts on how you can turn them into powerful assets who fall into the latter category.
Security Awareness Training.
When employees understand that they are (a) the organization’s weakest cybersecurity link and (b) the first line of defense against cyber attacks, they’re open to being educated and trained.
“Security awareness training provides every employee with a fundamental understanding that there are imminent and ongoing cyber threats, preparing enterprise employees for common cyber attacks and threats,” Secureworks explains.
Good security awareness training consists of both repetitive training and ongoing testing. A thorough strategy will deal with issues like spam, phishing, spear phishing, malware, ransomware, and social engineering.
Password Security.
You might think cybercriminals use complex strategies for hacking into important systems, but they’re not typically that advanced. They prefer the front door to the back door – which means they like cracking passwords and logging in the old fashion way.
“Train your employees on how to select strong passwords. Passwords should be cryptic so they cannot be easily guessed but also should be easily remembered so they do not need to be in writing,” Travelers advises. “Your company systems should be set to send out periodic automatic reminders to employees to change their passwords.”
It’s also smart to set up multifactor authentication, which creates an additional security layer. It typically requires the user to have both a piece of knowledge – like a password – as well as a physical device – such as a smartphone.
Software Updates.
Software updates are annoying. We all know that we need to install them, but in our fast-paced workflows, we never take the time to do them. This has to change. Vendors don’t just release updates for fun – they do so to close up loopholes and overcome vulnerabilities. Make sure your employees are updating when they should (and that they’re doing it in a security-conscious fashion).
“When a software update notification is received, don’t click on the link included in the email or pop-up window. Instead, go to the software company’s official website,” Invision advises. “The latest updates can be found, downloaded and installed from there – completely avoiding the risk of installing malware disguised as a software update.”
BYOD Policies.
There’s no getting around bring-your-own-device (BYOD) programs. Except in very high security scenarios – like government and military settings –employees have an expectation that they’ll be allowed to use their own smartphones, tablets, etc. Businesses must respond with robust BYOD policies that put strict stipulations on what employees can and can’t do.
Now’s the time to revisit your BYOD approach and address any weaknesses or flaws that may be present. From there, be sure to fully educate employees on any changes and hold them accountable for their actions.
Adding it All Up.
Your employees won’t become a strong line of defense by accident. You must make a concerted effort to train them so they feel prepared and empowered to protect the organization from ubiquitous cyber threats.
Now’s the time to develop and hone your strategy.