As much as a company wants to protect confidential information, much of the responsibility, in practice, rests with its employees. The weakest link in the security chain is always the human: he looks for shortcuts, can be fooled, and sometimes does not act with all the caution that he should.
That is why your company’s workers must know the essential practices to keep data and equipment safe. Although some may seem like common sense to you, you must pass them on: not all members of your team will have the same background in terms of security, so you should start with the most basic.
Ten Cybersecurity Tips That Every Company Should Give Its Employees
1. Confirm the identity of anyone who requests information
This advice is especially useful for receptionists, call centre or technical support employees, human resources personnel, and other professionals whose work, in one way or another, requires providing data on certain occasions. Attackers often take advantage of these workers’ naivety or good faith to collect information in the simplest and most obvious way: by asking for it. To do this, they pose as suppliers, customers, or other members of the company who have a legitimate excuse.
It is essential that your team members know these tactics and ensure that the person on the other end of the phone or email is who they say they are before providing any information.
2. Passwords, always safe
Certain precautions must be taken with the passwords that we use for our accounts, and even more so with those that give access to corporate information. First of all, follow the usual recommendations to create a good password: do not use the same one on several sites (least of all if one is personal and the other belongs to the company), avoid including obvious details about the owner (birthday, name of their dog, their favourite soccer team…) and make sure it is made up of numbers and symbols as well as letters, combining upper and lower case letters.
Also, in the business context, it is essential to ask workers to refrain from writing down the password on a post-it (unfortunately quite common) or on a note under the keyboard. Finally, and returning to the previous point, never reveal your password to someone who requests it by phone or email, even if they assure you that they work in your company’s technical department or in that of the firm that provides you with the tool.
3. Your hard drive is not bomb-proof
Saving information related to the company’s activity or its clients on the computer’s hard disk is, in general, a bad idea. Desktops break down and are exposed to failures or attacks that can lead to the loss of valuable data. Laptops do too, and they can also be stolen or lost. It is better to ask employees to store files on company servers – if any – or on a cloud service.
If they still need to keep information on their computers’ hard drives, they must make frequent backup copies to recover the material if something goes wrong.
4. The backup is useless if you lose it at the same time
It seems like common sense, but it happens more often than you might think. If workers are using a laptop and making backup copies to a USB stick, they mustn’t store or transport them in the same place. Practical example: if your computer backpack is lost or stolen and the USB memory is inside, both the originals and the backup copies will have been lost.
5. Data storage and transmission over the Internet
As we said, the best solution when the company cannot afford adequate internal storage is to use a cloud service, either to save documents there directly or to store backup copies. In general, cloud service providers are more prepared than small or medium-sized companies to deal with all types of incidents, including cyberattacks.
However, there are some dangers associated with using online tools that are similar to those already described in previous points. The security and confidentiality of the data stored in virtual warehouses depend, among other things, on the password used by the worker, on not being fooled by whoever intends to access it with dubious intentions, and on following certain precautions when using them: do not upload work documents to personal accounts, access cloud services only from protected computers and through secure connections, etc.
One of the main tools cybercriminals use to sneak into an organization and steal data is email. If your employees have a corporate account, the first thing they should do is avoid using it for personal purposes or providing it on publicly accessible sites (for example, on a forum or a website that everyone can access). Otherwise, they could end up on a spam mailing list and receive emails that, in addition to being annoying, can be dangerous.
In general, the best advice you can give your workers regarding email is that they never respond to an email that comes from a suspicious or unknown sender, much less open or download its attachments. These could hide malware capable of affecting not only their computer but, in some cases, the entire company network.
7. Do not install programs from unknown sources
Again, they should only trust what they know. It is common for companies to restrict the ability of their workers to install new programs on their computers through operating system permissions. However, if they have sufficient credentials to run new software on their machines, you should ask them to avoid downloading from unknown or suspicious pages. They shouldn’t even browse them. The browser is also a gateway for cybercriminals on many occasions.
This is the most recent risk and therefore one of the least known or most undervalued. The activity of a company’s workers on platforms such as Facebook or Twitter can be detrimental to the company in some instances, beyond the decrease in productivity that it may or may not entail. We recently warned, for example, of the alarming number of selfies taken in critical infrastructures that can be found on social networks such as Instagram.
9. A good antivirus
Before using any computer or mobile device that will connect to the Internet, the first thing to do is install a good antivirus. If this measure is essential in domestic environments, in the corporate environment, it becomes necessary. An enterprise security solution protects your organization’s computers and data in many circumstances, even when employees make a mistake or act recklessly. Make your staff aware of it.
10. The easy way is usually more unsafe
This lesson is not for your workers; it is one for you, from your employees: if you make things too difficult for them, they will find a way to circumvent your harsh security measures. Everything we have explained to you is common sense and essential, but do not go overboard.
If you ask them to change their password every week, prepare yourself for a barrage of post-its taped to their monitors. If accessing a tool they use to do their job becomes too complicated for security reasons, they will use another (or worse, the one they have for personal use). If they don’t know how to store files your way, they will find their own way, which will probably be insecure and unreliable.