The weakest link in your security program is always going to be your employees. Most people are too trusting, too gullible, and too uninformed when it comes to computer and network security. A hacker does not need great skill or fancy software tools if a simple social engineering exploit such as a phone call will get them the user credentials of one of your employees.
The best solution, and possibly the only solution, is to provide training to your employees so they can learn what the threats are, what an exploit might look like, and how to avoid them. Coupled with the security and privacy policies you developed earlier in this process, you have a reasonably effective way to keep your employees informed about threats to your business and their employment.
Be sure to inform them about security basics such as:
- Let the security products run so that threats can be found and removed early. I’ve watched employees cancel a scheduled security scan because it “makes my computer slow.” Encourage them to play through, or schedule scans for before or after hours.
- Only install approved software. Downloads often contain hidden malware and Trojan horse programs.
- Create long and complex passwords. Avoid using the same password everywhere. Do not send your password in an email, or give it to someone over the phone, even if they claim to be from “tech support.”
- Email – when in doubt, delete it. Never click on a link in an email unless you have confirmed the source of the email and the destination of the link. You can submit a suspicious link to VirusTotal to confirm whether it is valid or dangerous.
- Make sure your data is being backed up regularly, or stored on a central server that is being backed up regularly.
- If something seems suspicious or questionable, speak up! Most of the time people are clever enough to be concerned, but they go ahead because they don’t want to appear computer illiterate. Encourage a critical, questioning, or even suspicious mindset around computer security issues.
And again, please check out StaySafeOnline.org for more information and helpful links.