Employees are a first line of defense against threats such as zero-day attacks and breaches. It is critical that they are made aware of the basic practices that maintain the company’s digital integrity. Whether your organization is large or small, training your employees can go a long way towards keeping your IT infrastructure secure. Here are 5 ways that you can educate your employees about IT security:
1. Instruct employees about phishing scams
A phishing scam often takes the form of an email. Cybercriminals can do a world of damage after obtaining organizational information or by getting malicious software installed on a computer.
Phishers pose as legitimate and credible people from a particular organization, and their emails will often appear to come from a known source. According to Travelers, which offers cyber liability insurance, employees should be trained to scrutinize e-mails to determine whether they are legitimate. A valid e-mail:
Comes from someone they know
Comes from someone they have received mail from before
Is something they were expecting
Does not look odd with unusual spellings or characters
Passes your anti-virus scan
Instruct workers to keep company (and personal) information private and report spoofing to their managers.
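The checklist above can be partly automated on the mail-gateway or help-desk side so that the obvious cues (sender not known, lookalike domain, mismatched Reply-To, unusual characters in the address) are flagged before a reader has to judge the message. The script below is an added example, not code from the original article or from Travelers; the known-sender list, the organization's domains and both sample messages are constructed for illustration, and the edit-distance threshold of 2 for "lookalike" domains is an assumption.

```python
"""Header triage heuristics for the phishing checklist (added example)."""
import email

# Constructed allow-lists standing in for a real contact directory and
# the organization's own mail domains.
KNOWN_SENDERS = {"alice@example.com", "payroll@example.com"}
ORG_DOMAINS = {"example.com"}

# Constructed sample messages: one suspicious, one benign.
SUSPICIOUS_EML = """From: "Acme Payroll" <payroll@examp1e.com>
Reply-To: collections@mailbox.example.net
To: bob@example.com
Subject: Urgent: confirm your direct deposit

Please confirm your banking details today.
"""

BENIGN_EML = """From: "Alice" <alice@example.com>
To: bob@example.com
Subject: Tuesday agenda

Agenda attached, see you at 10.
"""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; used to spot domains one or two edits away from ours."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def triage_headers(raw: str, known_senders=KNOWN_SENDERS, org_domains=ORG_DOMAINS,
                   lookalike_threshold: int = 2) -> list:
    """Return a sorted list of finding codes; an empty list means no cue fired."""
    msg = email.message_from_string(raw)
    _, from_addr = email.utils.parseaddr(msg.get("From", ""))
    _, reply_addr = email.utils.parseaddr(msg.get("Reply-To", ""))
    findings = set()

    # "Comes from someone they know": sender not in the contact list.
    if from_addr.lower() not in known_senders:
        findings.add("unknown_sender")

    # "Unusual characters": non-ASCII (possible confusables) in the address.
    if not from_addr.isascii():
        findings.add("unusual_characters")

    # Sender domain is not ours but sits within a couple of edits of one of ours.
    from_domain = domain_of(from_addr)
    if from_domain and from_domain not in org_domains:
        if any(edit_distance(from_domain, d) <= lookalike_threshold for d in org_domains):
            findings.add("lookalike_domain")

    # Replies would go somewhere other than the apparent sender.
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.add("reply_to_mismatch")

    return sorted(findings)


if __name__ == "__main__":
    print("suspicious:", triage_headers(SUSPICIOUS_EML))
    print("benign:", triage_headers(BENIGN_EML))
```

These checks are cues for a human to look closer, not a verdict: a legitimate vendor with a new domain will trip "unknown_sender", so the findings belong in a triage queue or a banner on the message rather than in an automatic block.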
2. No weak passwords
The best thing you can do is set automatic password policies on your systems so that passwords have to be secure. Even so, training on password security helps employees understand the dangers of weak passwords. Chances are that if they are using (or want to use) weak passwords at work, they also use them at home for their personal accounts. Explaining what can happen when weak passwords are used can “hit home” and make your employees more security-aware at all times, a win-win for your organization.
The recently released Digital Identity Guidelines from the National Institute of Standards and Technology contain important information on how to create strong passwords. It might surprise you, because previous “best practices” are now considered obsolete. Essentially, it is recommended that you:
Why? Because the longer the password, the tougher it is to crack. Even with special characters and a mix of uppercase and lowercase letters, a short password is easier for an attacker to crack than a longer passphrase.
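To make the "set automatic password policies on systems" advice concrete, here is an acceptance check written in the spirit of the NIST guidelines the article refers to (the authenticator volume, SP 800-63B): it enforces a minimum length and a generous maximum, applies no upper/lower/symbol composition rules, normalizes Unicode, rejects passwords found on a breach blocklist, and rejects passwords built from the user name, the service name or a trivial run of characters. This is an added example, not code from the article or from NIST; the eight-entry blocklist is a constructed stand-in for a real compromised-password list, and the exact rejection codes are my own naming.

```python
"""Password acceptance check in the spirit of NIST SP 800-63B (added example)."""
import unicodedata

MIN_LENGTH = 8      # SP 800-63B minimum for user-chosen memorized secrets
MAX_LENGTH = 64     # allow long passphrases; the guideline asks for at least 64

# Constructed blocklist standing in for a real breached-password dataset.
BLOCKLIST = {
    "password", "123456", "qwerty", "letmein",
    "welcome1", "iloveyou", "admin123", "football",
}


def normalize(password: str) -> str:
    """NFKC normalization so visually identical inputs compare the same way."""
    return unicodedata.normalize("NFKC", password)


def is_trivial_pattern(password: str) -> bool:
    """True for one repeated character or a straight ascending/descending run."""
    lowered = password.lower()
    if len(lowered) >= 1 and len(set(lowered)) == 1:
        return True
    steps = [ord(b) - ord(a) for a, b in zip(lowered, lowered[1:])]
    return bool(steps) and all(s == steps[0] and s in (1, -1) for s in steps)


def check_password(password: str, username: str = "", service_name: str = "") -> list:
    """Return the list of reasons for rejection; an empty list means accepted."""
    pw = normalize(password)
    lowered = pw.lower()
    reasons = []

    if len(pw) < MIN_LENGTH:
        reasons.append("too_short")
    if len(pw) > MAX_LENGTH:
        reasons.append("too_long")
    # Blocklist comparison happens on the normalized, lower-cased value.
    if lowered in BLOCKLIST:
        reasons.append("blocklisted")
    # Context-specific words: the account name or the service name itself.
    for ctx in (username, service_name):
        if ctx and len(ctx) >= 3 and ctx.lower() in lowered:
            reasons.append("contains_context")
            break
    if is_trivial_pattern(pw):
        reasons.append("trivial_pattern")

    # Deliberately no composition rules: a long lowercase passphrase passes.
    return reasons


if __name__ == "__main__":
    for candidate in ("correct horse battery staple", "Short1!", "password",
                      "12345678", "alice2024!"):
        print(repr(candidate), "->", check_password(candidate, username="alice"))
```

The point worth showing an employee is the last line of the loop: "correct horse battery staple" is accepted with no symbols or digits at all, while "Short1!" is rejected despite satisfying every old-style composition rule.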
3. Clearly define and explain BYOD Cyber Security Policies
Most companies still don't have a policy in place! Is your company among the 36 percent with a policy?
Which employees are eligible for access?
Should you restrict data as well as apps or devices?
Management approval should be required
4. No downloading of unauthorized software
Many system threats are disguised as programs that are free to download on the Web. Make sure that employees know that they should not allow this sort of potential threat onto network devices and terminals. Better yet, lock down the enterprise systems so that users do not have the ability to install such programs in the first place.
5. Meet to conduct IT security training
Discuss a cyber-security case study or two. Cover steps that employees can take to improve cyber security at home to personalize your message. Work with employees to develop a continuing conversation about IT security issues and share interesting case studies with a problem/solution approach. For example, what if an employee accidentally downloads malware? What action(s) should they take immediately?
No matter what, make sure there are consequences in place for non-compliance with IT security policies and procedures. This way, your organization can avoid cyber incidents that are expensive in terms of both money and time.
Editor’s note: Originally published January 2014. Updated September 2017.
Since 1999, Jacqueline has written for corporate communications, MarCom agencies, higher education, and worked within the pharmacy, steel and retail industries. Since joining the tech industry, she has found her "home".