Almost every business owner is concerned about IT security and about what they believe is the single biggest risk to their data. It can be a virus, ransomware, a backup mishap, or a hard drive crash; it can be any of these. Researchers say that the biggest threat to your organization is your employees. This is according to Verizon research from last year, which reports that 58 percent of data breaches in the healthcare sector come from insiders.
Users (employees) are your largest risk because they don’t have the technical skills, and that leaves your systems open to exploitation. Nevertheless, you cannot fire all of your employees to make the place perfectly safe. That is not the way to deal with it; instead, train employees to spot security risks before they are introduced to the workplace. According to a Forrester report, 2/3 of all organizations face an average of 5 or more breaches in a year.
Get started by conducting quarterly security awareness training. Encourage employees to ask questions, and explain what it means to open an attachment from unknown people. We were all taught not to take candy from strangers.
According to an article by Daniel Schwartz on Forbes, 37 percent of ransomware is initially distributed through an email attachment, 27 percent through an email link, and 16 percent through a website. That means that 83 percent of ransomware infections could have been prevented by proper training.
Topics to refresh and train on each quarter should include:
- Email is for work communication, so don’t open anything non-work-related, and don’t check your personal email on a work computer.
- Do not click on hyperlinks in emails. Instead, copy them to a browser, or learn to hover the mouse over a link to see whether it is real; hovering shows you the destination the link actually points to.
- Your company’s policies and procedures for getting support and allowing support to access your computer. Users should sign a new appropriate use policy (AUP) document each year. The items on this document should be covered in your quarterly discussions.
- Password changes and requirements: Remind people not to use their pets’ names, etc. Passwords should be random and without meaning, and they should never be shared.
- Don’t give out the company’s internal Wi-Fi password.
- Don’t use personal devices on work Wi-Fi — use the guest network if available.
Technology is ever-expanding and an integral part of companies today. Security needs to be a top priority. Implementing routine user training along with your existing security measures will save time, money and stress.