According to a recently published survey in “The State of Endpoint Security Today,” 87 percent of IT managers agree threats have become more complex over the past year. Every year we read about more cyberattacks and serious data breaches affecting entities of all sizes, from local government offices and small-to-medium-sized businesses to sprawling enterprises like Facebook.
What you may not realize is that your biggest liability in cybersecurity isn’t hackers or malware – it’s your own employees. But the good news is they don’t have to be. With the right training, policies, and procedures, you can turn your employees from the weak link to your greatest cybersecurity asset.
Here’s how to do it.
Require password best practices
Establish company password guidelines for server, application, and device access, and make sure your employees know how to apply best password practices, including:
- Strong (complex) password creation
- Two-step authentication
- Changing passwords promptly whenever they may have been compromised
Cybersecurity experts increasingly recommend passphrases over short “complex” passwords. A passphrase is easier for a human to remember, yet far harder for an attacker to brute-force, simply because it is much longer. For example, you could set your Amazon password to: “Let me in! I want to buy things I really don’t need just because I’m bored”. Passwords should not be personal dates (birthdays or anniversaries) that are easily guessed, nor a single word found in a dictionary (English or otherwise), even with a capital letter or a digit tacked on; password-cracking tools try those variations automatically.
Changing a password as soon as it may have been compromised (a breach notification, a departing employee who knew it, a colleague who saw it typed) prevents further misuse of the credential by outside hackers, former employees, or careless colleagues. Forcing a change on a fixed schedule, however, is no longer recommended: NIST SP 800-63B advises changing passwords on evidence of compromise rather than periodically, because scheduled rotation pushes people toward predictable variations of the old password. Passwords should never be shared, and writing them down – even in a “safe space” – should be discouraged.
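The guidelines above can be enforced at enrolment time rather than left to memory. The following is an added example (not code from the original article) of a small policy checker in Python: it rejects anything shorter than an assumed company minimum, anything that looks like a date, and anything that is a single dictionary word with decorations stripped, and it estimates the search space an attacker faces so the passphrase in the text can be compared with a typical eight-character “complex” password. The minimum length and the tiny word list are assumptions standing in for a real policy and a real dictionary.

```python
import math
import re

# Assumed company policy value for this example; a real policy would set its own minimum.
MIN_LENGTH = 14

# Constructed mini word list standing in for a real dictionary (e.g. /usr/share/dict/words).
DICTIONARY = {"password", "monkey", "dragon", "welcome", "letmein", "sunshine", "football"}

# The passphrase suggested in the article, kept here so the estimate below can be compared.
PASSPHRASE = "Let me in! I want to buy things I really don’t need just because I’m bored"

DATE_PATTERNS = [
    re.compile(r"^\d{4}[-/.]?\d{2}[-/.]?\d{2}$"),    # 1985-03-14, 19850314
    re.compile(r"^\d{2}[-/.]?\d{2}[-/.]?\d{2,4}$"),  # 14/03/1985, 03141985, 140385
]


def is_date_like(pw):
    """True if the whole password is just a date in a common numeric layout."""
    return any(p.match(pw) for p in DATE_PATTERNS)


def is_dictionary_word(pw):
    """True if, after stripping digits/symbols/case, only a single dictionary word remains.

    This is why Monkey1! is still rejected: cracking tools apply exactly these
    mangling rules (capitalise, append a digit and a symbol) to every word.
    """
    core = re.sub(r"[^a-z]", "", pw.lower())
    return core in DICTIONARY


def charset_size(pw):
    """Size of the alphabet an attacker must assume, from the character classes present."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"\d", pw):
        size += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        size += 33  # printable ASCII punctuation and space
    return size


def bits_of_search_space(pw):
    """Upper bound on brute-force work in bits: length * log2(alphabet).

    An attacker who knows only the character classes and length must search
    alphabet**length candidates. Real attackers use word lists and patterns, so
    treat this as an optimistic estimate, not a guarantee; it is still enough
    to show why length dominates character variety.
    """
    if not pw:
        return 0.0
    return len(pw) * math.log2(charset_size(pw))


def check_password(pw):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if is_date_like(pw):
        problems.append("looks like a date")
    if is_dictionary_word(pw):
        problems.append("is a single dictionary word")
    return problems


if __name__ == "__main__":
    for candidate in (PASSPHRASE, "Monkey1!", "1985-03-14", "P@ssw0rd"):
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}, "
              f"~{bits_of_search_space(candidate):.0f} bits of search space")
```

The eight-character “complex” password scores roughly 53 bits on this optimistic estimate, the 74-character passphrase several hundred; even after discounting the passphrase heavily for being made of ordinary words, length wins.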
Once complex passwords that are unique to each account are in use, they must be stored somewhere secure. This is where password managers come in. A good password manager ensures that only you hold the key to unlock your passwords: the vault is encrypted with a key derived from your master password, so neither the vendor nor anyone who steals the vault file can read it. It should keep all stored passwords encrypted until you specifically request the one you need, and decrypt only that entry.
Two-step authentication, or more generally multi-factor authentication (MFA), goes a long way toward preventing unauthorized access to your business networks, employee email and password managers. Many applications offer MFA options that combine something you know (a password) with something you have (a phone running an authenticator app, or a hardware security key) to complete the login. Where there is a choice, prefer an authenticator app or a hardware key over SMS codes, which can be intercepted or redirected through SIM swapping; a FIDO2/WebAuthn hardware key also resists phishing, because the credential is bound to the legitimate site’s origin and will not answer a look-alike.
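To make the “something you have” factor concrete, here is an added example (not code from the original article) of the time-based one-time password scheme that authenticator apps implement, written in Python from the standard library only: HOTP per RFC 4226, TOTP per RFC 6238, a verifier that tolerates one step of clock drift and compares codes in constant time, and the otpauth URI an app scans at enrolment. The secret used in the example is the one published as a test vector in RFC 6238, so the codes it produces can be checked against the RFC; the account name and issuer are made up.

```python
import base64
import hmac
import struct
import time
from urllib.parse import quote

# The shared-secret test vector published in RFC 6238 (ASCII "12345678901234567890").
RFC6238_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6, algo="sha1"):
    """RFC 4226: HMAC over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, at=None, step=30, digits=6, algo="sha1"):
    """RFC 6238: the HOTP counter is the number of `step`-second intervals since the Unix epoch."""
    at = time.time() if at is None else at
    return hotp(secret, int(at // step), digits, algo)


def verify_totp(secret, submitted, at=None, window=1, step=30, digits=6):
    """Accept the code for the current step plus or minus `window` steps (clock drift).

    hmac.compare_digest avoids leaking, through timing, how many leading digits matched.
    A production verifier must also record the last accepted counter and refuse
    to accept the same or an earlier one again, so a code cannot be replayed.
    """
    at = time.time() if at is None else at
    counter = int(at // step)
    for c in range(counter - window, counter + window + 1):
        if hmac.compare_digest(hotp(secret, c, digits), submitted):
            return True
    return False


def provisioning_uri(secret, account, issuer):
    """The otpauth:// URI that authenticator apps read from an enrolment QR code."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={b32}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits=6&period=30")


if __name__ == "__main__":
    # Made-up account and issuer for the enrolment URI.
    print(provisioning_uri(RFC6238_SECRET, "alice@example.com", "ExampleCorp"))
    # RFC 6238 lists 94287082 for T=59 with SHA-1 and 8 digits; the 6-digit code is its last six digits.
    print("code at T=59:", totp(RFC6238_SECRET, at=59))
    print("current code:", totp(RFC6238_SECRET))
```

The verifier only ever sees a six-digit code, yet an attacker who phishes that code has about thirty seconds to use it before it expires, which is why a phished TOTP is far less valuable to them than a phished password.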
Actively promote safe web browsing
Solid passwords do little good if your employees are careless in their email and internet use. Therefore, continuous employee education on safe computing is critical. The tactics of cyber-criminals are ever-evolving, so you need to keep staff up to date on how to protect themselves and your organization.
Make sure that employees know how to recognize suspicious emails, attachments, and links. According to KnowBe4, 91% of all cyberattacks originate with a phishing email, one that pretends to come from a trusted entity in order to convince the recipient to share sensitive information, open an attachment, or click a link. Often the result is malware installed on the computer or mobile device, which may then try to spread across the network.
Malware can expose your systems to further infiltration, copy keystrokes and capture sensitive business data, or even overload and crash your servers.
While no method is 100-percent foolproof, employees can help protect your networks by following simple security tips when working online:
- Never share login, password or sensitive information via email or text message
- Hover over a link without clicking to see the actual destination URL, and compare it with the text that is displayed
- Only download attachments from known and trusted sources
- Update spam filters regularly
- Update antivirus and malware detection software regularly
- Beware of emails that urge you to take action quickly to avoid an adverse event, a common tactic used by cybercriminals
- When in doubt, just don’t. Most recognized banks, corporations, and government agencies offer secure website access; type the address yourself or use a saved bookmark instead of following an e-mailed link
Proactively update systems & software
System and software developers are constantly fixing security flaws, and many of the vulnerabilities exploited in breaches already had a patch available that simply had not been installed. It’s in the vendors’ best interest to take your security as seriously as you do, but it’s very easy to ignore or put off installing those updates.
Make sure your employees understand how important it is to install updates promptly when prompted, and turn on automatic updates wherever the operating system or application supports them. Teach them that legitimate updates arrive through the operating system’s or the application’s own update mechanism, never through a pop-up on a web page, an unexpected download, or an e-mailed attachment; fake “your software is out of date” prompts are a common way of delivering malware.
Work with a partner
The best way to make sure your employees are an asset and not a liability is to find the right IT partner who can help you develop and implement the right training, policies and procedures. When you work with a cybersecurity expert, they can help with the development, communication and implementation of everything from employee training to a custom, multi-layered network defense plan. A good cyber defense requires both technical and, even more importantly, operational excellence. The bad guys only have to get it right once but you have to get it right every time.