There are plenty of things your employees can do to make your business and their workplace safer. Here’s just a sample of some of the more important ones.
- Follow your security rules and policies. That means you have to have some in the first place, you have to share them, and your employees must know there will be consequences if they ignore them.
- Protect their passwords. Password safety is not just about creating strong passwords and changing them often. It’s also about employees protecting their passwords, not writing them down where they can be found or hacked (like on a computer) and not sharing them with other employees.
- Ignore phishy emails. Phishing emails are still very effective in spreading malware and other threats. And advanced phishing schemes, like spear phishing, can be so convincing they can easily fool employees. So it has to be guard up, all the time. Trust, but verify.
- Surf more selectively. Where an employee wanders on the internet, and what sites they linger at, can determine their vulnerability to a host of web threats. One of the biggest threats is a watering hole – an infected website lying in wait for visitors (including your employees) to stop by, catch the bug, and bring it home.
- Believe that if security is good for business, it’s also good for their job. Sad but true, fear is a great motivator. If fear of the impact of a security breach on your business is enough for you to make security changes, the same rules apply to your employees. If they can be made to understand that a data or security breach could result in layoffs, maybe they’ll think twice about the next online pharmacy they were thinking about visiting.
- Protect their laptops and other devices. The two worst things that can be on an unprotected laptop or smartphone are sensitive customer information and access credentials like a password. It doesn’t help if the devices store company secrets either. But the best way to prevent a missing laptop or phone from turning into a major security incident is to make sure employees don’t use them to store anything sensitive.
- Be careful on the road or out of the office. Like the knights of old, it’s easy to feel safe, comfortable and complacent behind castle walls, but things change when you’re out in the wild. Employees need to understand that security rules and practices follow them everywhere because hackers are everywhere.
- Beware of free Wi-Fi networks, especially at hotels, coffee shops, and airports. Setting up a fake network with the network name WelcomeToStarbucks is child’s play, even for an amateur hacker, and a very easy way to eavesdrop on an unsuspecting employee.
- Be vigilant, challenge, and report. Encourage all employees to be vigilant around the workplace, whether it’s a stranger wandering around the office or sensitive data left unattended. Make it easy for them to take action when they see something suspicious, and even allow them to report it anonymously if they prefer.
- Lead by example. The greatest feature of a great leader is the ability to make others want to follow. If you don’t live, breathe, and talk security, why should you expect your employees to? Talk about security, as often as you can. And talk about it positively, as a business enabler and opportunity, and not in the way you might scold belligerent children.
Author: Neal O’Farrell