Your Policies and Security Systems are Only as Good as Your People
After a murderous GPS led him into a lake, famed Dunder Mifflin boss Michael Scott said, “People will never be replaced by machines. In the end, life and business are about human connections.”
We all know companies depend on their employees to forge and nurture relationships with customers, potential clients, and other coworkers. But what we don’t often realize is how important employees are in helping your company protect its technology and sensitive internal data, too.
It’s estimated that approximately 74 percent of companies have experienced a security breach due to employees violating established security rules.
Find out what it would cost you to be down because of a security breach with our Free Downtime Calculator.
To keep your internal systems and data safe and secure, it’s essential to train your employees on security best practices. We encourage you to put the following policies in place and ensure your staff follow them consistently.
Adhere to Guidelines for Strong Passwords
A strong password isn’t optional; hackers and criminals are much more likely to breach an account with a password that’s easy to guess.
Employees should follow these guidelines when creating their passwords:
- Use a combination of lowercase and uppercase letters
- Incorporate special characters and numbers
- Use phrases
- Avoid passwords that include birthdays, student IDs, the names of pets or children, hometowns, vacation spots, or other personal information that’s easy to guess or find
While conventional guidelines state that passwords should be a minimum of eight characters long, it’s better to use passwords that are at least 15 characters long.
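The guidelines above can be checked automatically when an employee picks a password. The Python sketch below is an added example, not part of the original article; the function names, the sample employee details, and the set of date spellings it looks for are assumptions, and the "use phrases" guideline is left to the employee.

```python
import re
from datetime import date

MIN_LENGTH = 15  # the article's recommended minimum, not the conventional 8


def _normalize(text):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def _date_forms(d):
    """Common ways a date is typed into a password (assumed list)."""
    y, yy = f"{d.year:04d}", f"{d.year % 100:02d}"
    m, dd = f"{d.month:02d}", f"{d.day:02d}"
    return {y, m + dd + y, dd + m + y, y + m + dd,
            m + dd + yy, dd + m + yy, m + dd, dd + m}


def check_password(password, personal_terms=(), personal_dates=()):
    """Return a list of guideline violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs both lowercase and uppercase letters")
    if not re.search(r"\d", password):
        problems.append("needs a number")
    if not re.search(r"[^A-Za-z0-9]", password):  # spaces count, so phrases pass
        problems.append("needs a special character")
    flat = _normalize(password)  # catches "b.i.s.c.u.i.t" as well as "Biscuit"
    for term in personal_terms:
        needle = _normalize(term)
        # Ignore very short terms so accidental matches are not flagged.
        if len(needle) >= 3 and needle in flat:
            problems.append(f"contains personal information: {term}")
    digits = re.sub(r"\D", "", password)  # "04-12-1988" becomes "04121988"
    for d in personal_dates:
        if any(form in digits for form in _date_forms(d)):
            problems.append(f"contains a personal date: {d.isoformat()}")
    return problems


# Constructed sample details for one employee (pet name, hometown, birthday).
TERMS = ["Biscuit", "Scranton"]
DATES = [date(1988, 4, 12)]
```

An empty list means the password satisfies every guideline the sketch checks, so a sign-up form can show the returned messages directly to the employee.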
Follow Security Group Naming Conventions
Your security groups should be named according to a set of guidelines that standardizes existing names and the creation of future ones. This will make it easier for you to identify your host names, user accounts, and other resources, and it will help you manage and monitor the security of your various accounts.
Secure Your Equipment When You’re Away
Even if they’re only stepping away from their equipment for a moment, employees should make it a habit to secure their devices. It only takes a quick glance from the wrong person (yes, sometimes it can be a fellow colleague!) to access and misuse confidential information.
This also applies to equipment that employees may temporarily use with their unique logins. When they’re done, they should always log out. Multiple individuals should never share or use the same login credentials.
Declutter Old Files
Employees should regularly declutter their old files and permanently delete files they don’t need anymore. Files are a potential source of valuable information that hackers would love to obtain – not only that, but a drive that’s full of unnecessary files can slow down your computers.
Make sure employees take steps to confirm that the files are permanently deleted, like using special software that removes the file from the device’s hard drive.
Be Vigilant When Sending Emails
Email consistently serves as one of the main vectors for security breaches. While email is convenient for providing employees with a rapid, reliable means of communication, it also gives hackers the opportunity to steal your company’s information within seconds via a harmful link or malicious attachment.
Employees should follow strict usage policies to prevent an email-related security breach:
- Implement a Filing System for Emails
An email filing system isn’t only useful for organizing messages or quickly finding a specific one, but also for increasing the security of an email inbox.
For example, with a filing system, employees can quickly identify if they’re receiving a lot of emails from outside entities that pose a security risk. Organizing their emails also allows them to determine what messages have been dealt with and can be deleted, and makes it easier to spot incoming spam or phishing emails.
- Know What Not to Click On
Employees should never click on attachments from unknown users and should only click on attachments when they’re expecting to receive an attachment.
If they do need to click on an attachment, they should ensure that they’re using a device with tools that scan attachments for malicious files, like antivirus software.
- Avoid Sending Internal Attachments
If your company doesn’t send internal attachments, employees will have little reason to click on a potentially harmful attachment from a trusted sender. Instead, encourage employees to use shared file storage to share files.
- Know How to Safely Send Files Externally
Employees will likely need to send files to external recipients at some point. In these instances, encourage employees to use password-protected links and add expiration dates that ensure the link isn’t accessible after a stated period. Following these guidelines makes sharing files more secure and saves valuable inbox space.
How to Bolster Your Company’s Security
All of the policies in the world won’t protect your company’s data if your employees don’t follow them. If you’re not sure of the state of your company’s security, contact us today to schedule a comprehensive network security assessment.