As a business there are so many different things you can do to help keep your data secure. The problem is that, no matter how secure your systems are, human error is still a factor. Unless your employees understand the basics of security, you are still at risk.
It is essential that you take the time to advise your employees on the security basics they need to know. It will help to keep your data secure and ensure your employees know all they need to in order to continue working in a safe environment.
Don’t leave devices unattended
You would be surprised just how many employees will leave devices unattended. If you leave the office and intend to take a business meeting elsewhere, you might visit a coffee shop. Your employees might put their coats and bags down by a table to join the queue for coffee, leaving their devices unattended.
This might not seem like such a big deal. You may be convinced that your staff will constantly have their eyes on their things. After all, do you ever take your eyes off of your items when you go anywhere? You will, and so will they, which is why it is important to make sure they keep devices on them at all times.
It might seem like a basic security thing to make sure you don’t get robbed, but it is also important for your business. If your employees are logged into your workspace, or if they have important information and documents saved on the device, you are at risk if these devices are stolen. Ensure that your employees take good care of their devices and you’ll have nothing to worry about.
Check your emails
There are so many different ways for you to send information to your employees. Most will have a work email set up, and because it is related to work they might not be good at checking just who those emails are from.
This is a big risk, especially if they open up the emails without verifying the source first. It is easy for hackers to create emails to trick you into giving away important information or clicking a malicious link, as they can copy the layout of emails.
Your employees should be aware of phishing emails and what they look like. You can see an example of a phishing email below. First of all, check the sender. It might say that it is from a website or user you trust, but the email address might be different. The language of the email also tells you a lot. If it doesn’t fit the style you are used to, it is best to check the source. You can always contact your bank to see if they have sent any information out to you via email. If they haven’t, you know it is a scam. You need to be wary when clicking links too. You can find out the true origin of the link by hovering over it. If it tells you it is a redirect or a suspicious website, don’t click.
Phishing emails can pretend to be from a number of different sources, but more often than not, as Which? tells us, they appear as banking and government scams.
Phishing emails may look convincing, but it is always worth checking the source before you click on any links!
Connecting to networks
You can get access to the internet pretty much anywhere you go. Many major cities now have free Wi-Fi for you to use as you walk around. All you have to do is register a few details and you can get access to your work emails and cloud sharing on the go!
The danger for your employees is that it is very easy to set up a public Wi-Fi. Hackers can create a network specifically to gain access to vital security information. They might name the network to make you think that it is your local coffee shop, when actually it is not.
You should start by encouraging your employees to not use public Wi-Fi for work. If they do have to, get them to check the network they think they are connecting to is actually valid. They can simply ask a member of staff for the name of the Wi-Fi to confirm, and if they still aren’t sure, they are best avoiding these networks altogether.
You should start by encouraging your employees to not use public Wi-Fi for work. These can be sniffed by any attacker also connected in the same network and are best avoided.
Setting secure passwords
You are encouraged to have a different password for every single log-in you use. This can get incredibly difficult to remember. Sometimes employees will get lazy and simply use one password for all log-ins… or they might just write their password down on a post-it note and leave it attached to their monitor so they don’t forget it.
We shouldn’t have to tell you that this is bad practice. The problem is that many employees don’t know how to set secure passwords. The world’s most common passwords were revealed earlier this year, and believe it or not a number of the passwords were things like “123456”, “qwerty”, and even “password”.
There are so many different ways to create secure passwords. If you aren’t sure where to start, here are a few tips. The longer a password is, the harder it is to crack. That is why many websites suggest your password is over a certain number of characters. You should also mix in numbers and symbols with letters. However, don’t simply replace letters with numbers. Believe it or not, “p455w0rd” is just as easy to guess as “password”, because these are common replacements.
Some people are tempted to use quotes, or the lyrics from a song they love, to try and create a secure password. The problem is that they can be guessed. Instead, you should take a sentence and turn it into a password. For example, “On a Monday morning I always buy four pints of milk from the store and pay £1 for it” can then become “OaMmIab4pomftsap£1fi”. It may look like a random mix of letters and numbers, but it means something, and your employees can then come up with something memorable to them.
Authentication for extra security
Whether you use social media or shared workspaces during the day, you will probably have heard of authentication. This is where you have a two (or sometimes even three) step process in order to log in to these websites and workspaces.
Often, this process involves sending a text message with a code to your mobile phone, or using an app which gives you details about the time, date, and IP address of the log in.
This is something you can set up with all of your employees. If they carry their smartphone with them all of the time then this will add an extra layer of security to each log in. That way, even if they do have an unsecure password, hackers will need to get through another protective barrier before they have access to your data.
Browser settings
Your browser settings also play a huge part in the security of your employees. If you just go with the default settings, you will clearly be able to see everything they have done in the browser. You can see the websites they have visited, information they have entered into forms, and things like that.
In order to stay secure, it is a good idea to adjust your browser settings to fit your needs. For example, many have auto-fill enabled (as you can see in the image below). This might seem like a good idea when you are doing things like online shopping, but malicious websites and hackers might have forms hidden from sight. You may not be able to see them, but they are there. If you have auto-fill on, your browser might then add this information to the form without you realising it.
Thankfully many browsers give you the option to delete your history, and any information you have entered, when you close the browser. This means that you don’t have to worry about doing these things manually. It means that your address bar won’t complete a web address for you, but it means that your information is more secure, so it is well worth doing and will take no time at all.
Settings such as the auto-fill can add additional information to unseen forms on the site, giving away important data
Backups are important
Plenty of employees keep important documents on their computer. We tend to work from one specific device, which means we put all of our work in one place. You can set up cloud sharing to ensure the information is backed up, but as we saw back in 2014 with the iCloud hacks, the cloud isn’t as secure as we’d hope.
Unfortunately, devices can fail. Are you sure that your employees can continue to work on another device if their current one fails? The chances are no, because all of the information they need is located on that one device.
This is why it is important to have a backup in place. Cloud sharing is a popular solution, as you do not need to be connected to anything but the internet and you can set it up to automatically update. However, if you are not convinced by the security then you can get external hard-drives to do the job for you. That way all you have to do is plug it into a new device when you make offline backups and disconnecting it when it is not needed . Offline backups can also protect you from one of the Internet´s biggest modern threats, the ransomware.
The key here is making sure your employees use these devices. Many offices have them in place, but individual employees aren’t aware of the correct way to use them. This is why it is part of the basic security all of your employees should know.
Keep software updated
Vulnerabilities in your system tend to happen when there is an update. Updates are there to ensure your software is current, but also to fix any problems or cracks in security. By not updating, your devices are open to hacks and your data being stolen.
In a lot of businesses, it is up to your employees to stay on top of the updates. Most computers will inform you when there is an update, or they will update at times of day when the computers are not in use. Sometimes, however, your staff will be asked to install an update for something they want to use at that moment in time.
If they refuse the update, and then forget to install the update later, they are leaving your system open to attack. Employees should keep on top of updates, and if something needs to update during the day, they should be encouraged to do so.
This is especially important when it comes to anti-virus software. Anti-virus software should always be up to date, and your employees should regularly run scans. You can actually set your anti-virus to run full in-depth scans at a certain time of day, such as when you finish work. This means that they are up to date and your employees can set the best time themselves, if you show them how. So take the time to show them.
If in doubt, ask!
There are some security issues that people aren’t fully aware of. For example, your employees might receive an alert on their computer telling them to update something. It might be a piece of software they never use, or one that they never even knew existed on the device.
We mentioned earlier that keeping things updated is important, but sometimes you can get malicious software on your device, waiting to be installed and updated to find flaws in your security system.
Your employees need to know that they can ask questions about security if they need it. For those of us in the business of cybersecurity, their questions might seem as though they have obvious answers. However, you should assume that your employees have no basic knowledge of security.
If they come to you with questions, answer them. It can really help to keep your data security and your employees happy. Best of all, they will continue to learn more about security the more questions they ask, and so their knowledge of cybersecurity will only improve in time. After all, it is better to ask a question about an unusual update pending than simply accept it and allow a hacker into the system!
Security basics you need to know
As we’ve mentioned earlier, a number of people use computers without a solid understanding of how security works. They will assume that their device does all of the hard work for them, and that they can simply use the devices in any way they want without worrying.
If the device is set up in the right way then this can be true. However, most of the time it is not. The default settings often aren’t secure enough for your needs, which is why it is important to take your employees through the security basics they all need to know.
It can seem like a lot to take in, but the sooner you help your employees understand how important this information is, the more secure your workplace and data will be.
- Why you need to train your CEO before your employees - September 14, 2017
- Your computer may be a zombie! - July 25, 2017
- All You Need To Know About GDPR - July 4, 2017
Comments are closed.