Guest Author: This week’s blog was provided to us by Theo Schmidt, an independent blogger. Schmidt has an interest in computer science and engineering, which he uses to fuel his blogging. You can learn more about him on Google+.
No matter your line of work, company cyber security is something that should weigh heavily on your mind. Whether it be phishing scams or malware attacks, it is important to ensure that employees know what they are expected to do to prevent and avoid security breaches.
It is important that employees realize that the sites they visit can negatively affect the entire company. Typically employees do not seek these sites out; they reach them through links in email or on other sites.
A company can help prevent visits to harmful websites by installing strong firewall protection. However, employees are at the front lines of defense. They must be trained and reminded that bad links can be just as dangerous as anything else on the web.
Scammers and phishers know what they’re doing when they try to trick people into giving up information. Sometimes an email is an obvious scam—a prince in Nairobi is asking for monetary donations or something equally ridiculous. Other emails can be a bit trickier though.
Email scammers are getting smarter and better at making the email address look legitimate. Often they will attach a file that they want downloaded, disguised as a form or important information. However, once the file is downloaded, the company’s security, data, contacts, and even financial information can be at risk.
Employees should exercise extreme caution when downloading any file, whether they think they recognize it or not. In general, it is smarter to keep computers as clean as possible and to store only work-related materials on them.
When employees are asked to log in to unfamiliar sites and do so with their company login information, plenty of information is automatically given up to the intruding site. From there, they may be asked to download files or give up more information, or the site's operators will simply have the username and password on hand for whatever they wish to do.
Logging in to an untrustworthy site is an easy albeit foolish mistake to make. It is important to make employees aware of the risks at hand. Companies can still protect themselves with encryption software and training to help employees spot these scamming sites.
Additionally, it is key that employees recognize the importance of keeping the company’s data safe and secure. This means they should not only do what they can to keep it safe inside the company but also make sure it is not leaked outside.
Information can be leaked via blogs, emails, or anything else. Employees should keep passwords secret and frequently change them. Passwords should never be repeated on multiple sites.
Keeping employees up to date on security procedures is a process. Employees won’t change their behavior overnight, nor will they decide to care about the company’s security on a whim. Working against cyber threats must be made a part of their everyday job expectations. Just like any other positive behavior in employees, it should be recognized and reinforced.
In the war against scammers, human error is the bigger problem. According to CompTIA, 55% of breaches are due to mistakes made by employees. It can be difficult to spot potential problems because so often fake websites, emails, and links look real. However, the flaws are in the details.
Companies that store important data like electronic medical records, financial records, and other personal information are at a high risk of intrusion. Employees must be trained to diligently watch for signs of a breach in cyber security. So long as they know what to be aware of and what threat they themselves could pose, they can help the company by becoming part of the defense and less of a liability.