Strengthen your defenses
Even if your business is using updated software, firewalls, and antivirus protection, your employees could create a cybersecurity risk.
Lack of employee awareness is part of the problem: According to a 2019 study, 66% of business leaders at small to medium-sized businesses don't think they will fall victim to a cyberattack, even though 67% have experienced a cyberattack within the past year. In fact, 18% rank cybersecurity as their lowest business priority. And seven out of 10 believe that passwords are their first line of defense against a security breach.
Understanding what employee actions endanger your business is key to preventing them. Common causes of employee-related cybercrime include:
This plays on employees’ trust to trick them into revealing sensitive information. Tactics include “phishing” (sending an email pretending to be from a vendor, bank, or other trusted source) or “vishing” (calling someone on the phone to obtain sensitive information).
Disgruntled current or former employees with access to your network can wreak havoc.
Downloading malicious files
Employees may carelessly click on links or open email attachments containing malware.
Ignoring or disabling security software
Employees may do this to speed up their computers, access forbidden websites, or install software for personal use.
Thoughtless mistakes such as losing laptops or mobile devices, using weak passwords, sharing passwords with others, or not following security protocols can cause data breaches.
Employees may use public networks or non-secured cloud-based services such as Dropbox or Gmail to store data, share files, or access email.
With a full understanding of these risks, you can take steps to protect your business by training your employees to take cybersecurity seriously.
Develop a policy for computer, mobile device, and internet use
Communicate the policy and emphasize that adherence is a factor in promotions and performance reviews. Offer incentives for compliance with the policy and for reporting security issues.
Provide mandatory security awareness training for all employees (including executives)
Topics covered should include social engineering, the importance of using strong passwords and keeping them secret, securing mobile devices, and safely using the cloud. Conduct training at least annually—more often if needed.
Restrict employees’ access to sensitive data unless absolutely necessary
Monitor network use and require passwords be reset at least every six months. When employees or contractors leave your business, remove their access immediately.
Despite your best efforts, employees will still make mistakes. Safeguard your business against human error by using technology with native (built-in) security features such as:
Lets you manage the security of mobile devices, lock and wipe devices, destroy data on hard drives if a device is lost or stolen, and automatically update or enable firewalls and antivirus software so they’re always current.
Used alone or with passwords, is more secure than passwords and doesn’t slow employees down.
Keeps data safe even if a device is lost or stolen.
Lets you remotely audit, block, and override employees’ attempts to share data.
Allows only authorized users to retrieve documents, lessening the risk of employees leaving sensitive documents lying on the printer for prying eyes.
By staying alert to the latest cyberthreats affecting your business, and following the best practices outlined here, you can help protect your business from a potentially devastating data breach.