Security awareness training teaches employees about vulnerabilities in and threats to business operations. Cybersecurity should be part of the onboarding process for all new hires. Moreover, regularly scheduled security refresher training courses should be a requirement for all employees. When you embed data security into your company’s culture, your employees become your best defense against cyberattacks. Read on for 10 tips for employee cybersecurity.
10 Tips for Employee Cybersecurity
1. Emphasize employees’ critical role in data security.
It should be every employee’s responsibility to protect company data. This begins with the understanding that passwords should not be shared, unsecured websites should not be visited, and e-mails from strangers that include attachments should not be opened. Consider implementing multi-factor authentication to add an extra level of security, even when complex, hard-to-guess passwords are in place.
2. Establish document management and notification procedures.
Employees should be educated on your company’s data incident reporting procedure so they know what to do if a computer becomes infected by a virus, begins operating in any unusual way (e.g., running excessively slowly or crashing for no apparent reason), or displays a questionable warning message or alert.
3. Train employees to select strong passwords.
Passwords should be cryptic so they cannot be easily guessed but will be highly memorable for the user. Moreover, passwords should be regularly changed. Here at EZnet Services®/EZnet Scheduler®, we require e-mail passwords to be changed every few weeks. That’s because cybercriminals are finding more and more sophisticated ways of “cracking the code” on passwords. As a result, the more frequently you change your passwords, the more difficult it will be for cybercriminals to figure out what those passwords are and use them to get into your computer system and e-mail account. You might even want to consider implementing multi-factor authentication.
4. Restrict employees’ ability to install software.
Your computer system is the lifeline of your company. Unlicensed software downloads could make your company susceptible to malicious software that can attack and corrupt your company’s data. Therefore, all employees should be instructed to use only company-authorized or company-installed software.
5. Train employees to avoid suspicious websites.
Train employees not to follow links that come from questionable sources and not to visit suspicious websites. Such links can release malicious software, including ransomware, can infect computer systems with viruses, and can enable cybercriminals to steal your company’s data. By the same token, your company should also establish safe browsing rules and should impose limits on employee Internet usage in your workplace.
6. Require employees to follow responsible email-use protocols.
Knowing how to spot suspicious and potentially dangerous e-mails is your first line of defense against cyberattacks at your company. Employees should be aware of scams, including phishing, and should not respond to any e-mails that come from addresses they do not recognize. Further, employees should be instructed to open an e-mail only if it meets the following criteria:
- Comes from someone they know or from whom they are expecting to receive an e-mail.
- Comes from someone who has had a legitimate reason to send e-mails to them in the past.
- Does not look odd, does not contain unusual spellings or characters, and is grammatically correct.
- Passes your anti-virus program test.
7. Train your employees to recognize common security risks.
Employees should be aware of and know how to avoid common security risks like phishing, social engineering, online fraud, and web-browsing risks.
8. Implement an employee social media policy.
Educate your employees on the risks of social media usage and communicate, via a written policy, your company’s rules and guidance on such social media usage. Likewise, employees should be informed, via a written policy, of your company’s policy regarding their use of their company-issued e-mail address to create social media accounts or to post content or comments on social media.
9. Implement an employee mobile device policy.
Communicate to employees, via a written policy, your company’s mobile device policy for both company-owned and employee-owned devices used during the course of business.
10. Train employees to safeguard their computers.
Train employees to lock their computers or keep them in a secure place. Critical information should be regularly backed up, with backup copies stored in a secure location within your company. All of your employees must understand that they are responsible for accepting virus protection software updates on company PCs, laptops, tablets, and smartphones.