Look around the office. Everybody’s using their own phones and tablets for work. Getting a cloud app is as quick and easy as an online download. And all the company data that’s accessible through personal devices goes right out the door with them at the end of the day. You probably don’t even want to think about how many smartphones and tablets are casually set down on restaurant tables every night, or how many 5-year-olds pick up and play with the devices at home.
Let’s face it: These days, even your very best employees can present a huge threat to the security of your critical and sensitive business information. It’s just the nature of the beast when work data is so readily available. That easy accessibility is great for productivity, but not so good for IT security.
Fortunately, there’s a lot you can do to reduce the risk to your company – and much has to do with educating and engaging your employees in the effort to do business securely.
Start with a solid device and network use policy
The first thing any company should do to protect work data is create a thoughtful, well-crafted policy for PC, personal device and network use. Every employee should have to sign off on it, affirming that they’ve read it and they understand it.
Having a policy like this can head off all kinds of problems before they even occur, especially for startups and small companies. It’s your first line of defense against, say, an account being hacked because of a weak password or an employee inadvertently infecting his or her device with malware or adware simply by downloading the wrong app.
Your policy can be as strict as you think it needs to be – anything from an absolute no-downloads or no-personal-devices rule to something a little more flexible. Just keep in mind that an absolute “no” can be off-putting to employees, not to mention just about impossible to enforce. But this zero-tolerance approach may be necessary if you’re in healthcare or another line of work where data integrity and privacy aren’t just desirable, they’re legally required. Your IT services provider can help you determine what type of policy makes the most sense for you.
Teach about threats and train employees to avoid them
Just because you have a policy in place doesn’t mean employees will follow it. To motivate compliance, you need to help employees understand what the threats are, where they exist and how much is at stake.
The onboarding process is your first opportunity to share information about potential threats to data and how to avoid them, but it’s just as important – if not more so – to conduct regular ongoing training that ensures employees always have the latest information on potential threats.
Ongoing training is critical when you consider how quickly the threat landscape is evolving. For example, ransomware has been around for at least 10 years, but it recently mutated into a new form that doesn’t just lock you out of your data, but also encrypts it (so even if you find a way to get the data back without paying a ransom, you won’t be able to use it). Employees need to know when a new or escalated threat emerges, how it can enter the environment, what they can do to avoid it and what it could cost if they don’t – making frequent training an absolute necessity.
Follow through beyond the office (without being “Big Brother”)
In the age of mobility, protecting the data employees have access to even when they’ve left the office is essential. It’s also a little tricky, because you don’t want workers to feel like you’re inappropriately inserting yourself into their private lives.
Again, a little education goes a long way. Help employees understand the importance of securing their devices so not just anyone can pick up their smartphone or tablet and potentially view sensitive corporate data.
If you still have trouble getting some employees to take data security seriously, share this sobering statistic from the National Cyber Security Alliance: 60% of small and midsized businesses that suffer a data breach go out of business within six months. In that light, data protection is job protection.
As you plan how to educate your employees about data security, understand that education, while vital, works best as just one part of a much broader approach. You also need computer, device and network security that includes multiple layers of protection against security threats. Get the big picture in this infographic.