You Need A Security Solution... And More
Data security for your company and your employees doesn't just start at the security solution you've installed for your team.
Even the most secure company in the world needs to have its employees working together, and working smartly, to remain secure and protect company data.
It's A Team Effort
The reason for this is that not all cyber threats can be stopped simply by installing a powerful Endpoint Detection and Response (EDR) system, or the latest internet security software and encryption software, or having a strong firewall and updating your operating system.
In fact, some threats come at your users themselves, and your team will need to take action to prevent these attempts from working.
Why Small Businesses Are At Risk
A data security breach occurs when unauthorized users gain access to customer data or other pieces of your company's data. This could be as a result of a flaw in the operating system or poorly configured security software.
This could also be due to policy failures such as weakly managed employee access, a user attempting to use their own device despite advice to the contrary, or any number of other issues.
Hackers like to target small businesses because they're less likely to have the latest security solutions and expertise to protect them. Many organizations store lots of important data, so hackers go after the easiest targets to find more login information, more sensitive information, more money, or anything else they can get.
You Still Need A Security Solution
That's not to say that having the best security solution available for your team isn't a good idea. It does mean that people also play an important role in making sure your business is secure. Your workforce, particularly when it comes to a remote workforce, needs to take security considerations into account.
You'll want to educate your employees to take all the necessary steps to make sure they're not getting hacked and to keep their accounts and personal information secure.
Here are five simple things you can tell your employees to help them improve data security and protect company data:
Don't Warm Up To Unknown Phone Calls
Your employees should know to be very careful about incoming calls even on a customer line. One of the easiest ways hackers have to get into your company's information is to convince someone to just give it to them.
Your employees are your first line of defense against phishing attempts, malware and even hackers who want to get information from your company. Your employees should be on guard when it comes to suspicious calls.
How A Scammer Behaves
Important organizations such as government entities and vendors will not generally conduct business by calling and immediately requesting information from the person on the other end, such as asking them to verify personal data. This type of behavior is almost certainly a scam.
Another behavior that hackers and scammers often exhibit is to be uncharacteristically friendly to their target, to try to get them to lower their guard and give away information - of any kind. Even something as innocuous as 'the boss is out of town today', to a stranger, could compromise company security in one way or another, often in a way you might not expect.
You should encourage your team to be suspicious of anyone who calls in, even if they claim to be someone familiar, such as a team member's relative you've never met before.
Social Engineering Is A Real Danger
Many hackers are good at convincing your employees to give them access to sensitive information, which will allow them to break into your information system with ease.
The more you instruct your users not to divulge company information without properly vetting the source, the better. Ensure that you remind remote workers in particular to verify suspicious emails. This will help protect the company's data and secure it against phishing attacks.
Don't Share Your Passwords With Other Users
Passwords are the first level of defense in protecting your bank accounts, intellectual property, email accounts, social media accounts, databanks and more. If your passwords are stolen then you're in all sorts of trouble.
For this reason, your employees should know they should never share accounts or passwords with anyone. In fact, they should never write those passwords down either. If you need to record a password somewhere, then make sure you encrypt it, or put it in a digital vault.
Don't Share Your Passwords With Other Sites, Either
Furthermore, employees should know they shouldn't use the same password between different sites. Hackers often try known email/password combinations on different sites just in case something might work, so that means that one compromised password could endanger several accounts for a user. It's better to use different, strong passwords for each site.
The best solution is to use a password manager, but in any event, you'll want company employees to know that they shouldn't share passwords with anyone.
Use Common Sense
Common sense should be applied. You should tell your employees to never share passwords with anyone, not to store passwords on a computer or smartphone, and not to use the same password for different sites.
A password manager will enable your employees to easily use a single login to manage all of their different passwords, enabling them to be secure without having to remember dozens of different passwords.
Don't Use Default Settings for Your Email or Social Media
Your email provider, Facebook, Twitter and many other sites all have default settings that are easy to use. The sites can automatically share logins, and if you're not careful, you'll end up giving away your personal information, even if you don't mean to do it.
Your employees are probably going to use social media and personal email at work unless you specifically disallow it. (If you do without a very good reason, they might not be happy about it.)
Social Media Accounts Are Vulnerable
Unfortunately, social media accounts are among the most commonly hacked types of accounts. Social media is a great way to find new customers, connect to potential clients and learn more about the market. However, some companies have been hacked because employees were not careful about their security on social media.
Between unsecured Wi-Fi networks, lax password protection, ad hoc remote work arrangements including public Wi-Fi, and other insecure internet connections, it's easy to lose access to a social media account. Combining hacked social accounts with shared passwords for company resources is a recipe for disaster!
Don't Give Away Your Personal Information
To make sure you're not giving away your personal information, you'll want to make sure you change the default settings of these accounts.
For example, on Gmail, you'll want to go to your account settings, then under the General tab look for security. Here you should see steps to take to make your account more secure, including enabling forced login, which will require you to enter your username and password before opening a new tab in your browser. Your team can consult the IT department for more guidance.
Check Websites And Emails Before Taking Action
One way that hackers can get users to unwittingly install software on their computers is called spoofing. In this type of attack, a hacker will send out a fake email that appears to come from a trusted business (or even from an individual like a co-worker) asking for a response.
The email will often look like it's from a legitimate company, featuring a trusted logo, registered trademarks and business-like language. However, it's designed to fool users with malicious links and deceptive language.
If you respond with details about your company or your personal life, the hacker will know that you're a real person, and that this means of communication is a good way to get a hold of you.
Knowing that a live person is on the other end is the first step to gaining access via social engineering. All it takes is one mistake for a hacker to get in, but more importantly, it takes one person to make one mistake.
Spoofing Isn't Just An Email Concern
Similarly, a hacker might also put up a fake webpage that looks like a real company's website. The website might ask for a login, and a user might mistakenly use their real credentials to log into this site.
Of course, the user might not notice, but rather silently get passed to the real site while the credentials are saved to a file and used later.
To prevent this, your team will want to make sure that any email they receive has a legitimate signature in the email. They can do this by hovering over the sender information. You'll also want to make sure that you check the website address in the email.
Don't Click Links If You Don't Recognize Them!
Finally, your employees shouldn't click on a link that someone has sent them in an email until they have thoroughly checked where the link is going. They should double-check the address bar, the website, and anything else that could be considered suspicious. If they have even the slightest doubt, they should not click on the link, and should contact the IT department for guidance.
A spoof email will have an address that's slightly different from the expected address. For example, if the real business email from your company is support@yourbusiness.com, the hacker's email could have the address support@yourbusiness.com.co, or even an Outlook or Gmail account. Don't give out information to these emails!
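The address comparison described above can be automated. The following is an added example, not part of the original article: it flags sender addresses and link hosts that embed or closely imitate a trusted domain. The trusted domain is the article's yourbusiness.com; the freemail list, function names and sample inputs are constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = {"yourbusiness.com"}            # the article's example domain
FREEMAIL = {"gmail.com", "outlook.com"}   # constructed sample list, extend as needed

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host: str) -> str:
    """Return 'trusted', 'freemail', 'lookalike' or 'unknown' for a host name."""
    host = host.lower().rstrip(".")
    for good in TRUSTED:
        # Exact match, or a real subdomain such as portal.yourbusiness.com
        if host == good or host.endswith("." + good):
            return "trusted"
    if host in FREEMAIL:
        return "freemail"
    for good in TRUSTED:
        # Trusted name used as a prefix or middle label of a different
        # domain, e.g. yourbusiness.com.co
        if host.startswith(good + ".") or f".{good}." in host:
            return "lookalike"
        # Near-miss spelling of the trusted domain
        if edit_distance(host, good) <= 2:
            return "lookalike"
    return "unknown"   # not recognised; this does not mean safe

def classify_sender(from_header: str) -> str:
    """Classify the domain part of a From header value."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unknown"
    return classify_host(addr.rsplit("@", 1)[1])

def classify_link(url: str) -> str:
    """Classify the host a link actually points to."""
    return classify_host(urlsplit(url).hostname or "")

if __name__ == "__main__":
    for sample in ("Support <support@yourbusiness.com>",        # constructed
                   "support@yourbusiness.com.co"):               # from the article
        print(sample, "->", classify_sender(sample))
```

A "trusted" verdict only means the address text matches the expected domain. The From header itself can be forged, so this check complements SPF, DKIM and DMARC validation rather than replacing it.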
Don't Leave Sensitive Information On Your Company Devices - Or Personal Devices!
We've all been introduced to remote working by now. Your company probably uses laptops, mobile phones and other mobile devices as a matter of course.
Most modern devices are well suited to mobile access and remote working arrangements, enabling users to access documents and other information on all their devices even when they're away from the office.
That's great for mobility and flexibility, but it does cause a problem when it comes to storing sensitive documents and other important information.
A Distributed Workforce
You shouldn't store important data on a mobile device, if you can help it at all. Your team's computers, smartphones and any other devices your team uses that have internet access are susceptible to hackers. Data breaches from any source put your customers at risk.
Storing personal data, such as names, identification numbers such as social security numbers, or login information on these devices can make it easy for someone to steal your data. And if there's any of the company's data on that device, that's at risk too.
Just as your employees won't want their own data out there, they wouldn't want to neglect the responsibility to protect data your company keeps. Keep your company's data secure by ensuring your team follows the rules.
Don't Store Sensitive Data On Employee Devices
Again, keep as much sensitive data as humanly possible protected by not storing it on these types of devices in the first place. Hackers often are able to gain access to a lost or stolen mobile device very easily, even if there's a password on the lock screen. Furthermore, even if you have the device, there's no guarantee of good security on public Wi-Fi networks, even if you use VPN access.
Second, make sure that you delete all sensitive data after you've deleted a user's account from a company device.
Be Careful About Regulations
Importantly, if your company is one that's subject to stricter data regulations, such as a bank, you may be required to use third-party software to perform a forensic data wipe of the hard drive.
Third, any time you need to store such data, you'll want to store it in a password vault where it's encrypted and secured. A password vault is preferable to storing passwords manually, or using a single password for all accounts.
More Ways To Secure Mobile Devices
You should encourage users to use a virtual private network as often as possible, in order to create a secure connection to your company network, and a good multi-factor authentication method in order to protect their passwords from being discovered and subsequently changed.
Finally, be sure you enable encryption on any external drives that you use to store data, such as USB drives or portable hard drives. This will give additional data security in the event that the device is lost or stolen.
In Conclusion
A good security solution, such as an Endpoint Detection and Response solution, is key. Keeping your operating systems and other software current, using good antivirus software, and other technical security measures will never stop being important.
Hackers are always finding new ways to get past the security measures that your company has in place, so staying on top of these new methods for security is key.
You'll Still Need A Good Security Software Suite
Antivirus software, security patches, encryption software and other security measures for company computers are always going to be important. But it doesn't mean your team can ignore other threats or trust incoming messages too much. Your company is only as secure as the weakest link.
Your Team Is A Part Of Your Security Solution
Attacking the weakest link is the most obvious way for hackers to try to steal company data, but it also gives your employees a good starting point for becoming more security-conscious.
Data breaches are serious, and can cost your company a lot of money. That's why, along with good data security solutions, you need to educate employees about what they can do to protect your business. Keep your company's data secure.