3 Things Employees Can Do To Help Protect Against Cyber Threats
Cybersecurity in the workplace is a team effort. Ensuring that the business remains safe from cyber threats is the responsibility of all employees in a company who have access to a company computer or company electronic device.
Practice Security Mindfulness
If something seems suspicious, treat it suspiciously. Employees, who work with the business operational systems and files all day, will be the most likely to notice suspicious events happening with those systems or files. Too often, however, employees who are not trained to report on suspicious behaviour will put off reporting on it right away deeming it a glitch that will resolve itself at some point later.
With proper training, employees will learn to practice the proper mindfulness when it comes to security so that they can identify issues that should be reported right away. For example, losing access to network files, which could be a network issue but could also be a much bigger issue with the system being encrypted during a ransomware attack.
Personal Device Usage Permission
When there is no specific or outlined policies which dictate whether personal devices can be used for access to company data, the default often becomes, ask for forgiveness and not permission. Personal devices, however, are usually not as strictly controlled as business devices which means there may be no endpoint security, no 2 factor authentications, no firewall (if being used at home) – this can be a detriment to a businesses network and data as it allows attackers a much easier path to target their attacks.
Establish a company policy on personal devices – that policy should include who needs access from their personal device, and what the minimum security requirements are for gaining that access. Make sure employees need to request permission to use their own devices. While owned by the employee, personal devices must be treated like company assets from a security standpoint, or the business should provide the necessary devices.
From the mail clerk to the CEO, if anyone calls for or requests access to a system or for sensitive information, make sure there is a policy in place for regaining that access or information. Social engineering is a real threat – passwords should not just be handed out, financial transactions should not just be processed, company information should not just be sent. Ensure that employees are asking the relevant questions and following the correct procedures to provide the access or information being asked for, no matter who the asker is.
By following these basic guidelines, employees at any company can help keep their company safer from cyber threats.