As a business owner, you can invest in the latest and greatest technology to keep your data safe and your systems secure. You can employ VPNs, firewalls, and end-to-end encryption to keep everything on lockdown. But no matter how much time or money you invest, the security of your organization is still going to be in the hands of your employees.
About 90 percent of all cyberattacks are caused by human error or behavior, adding a wrinkle of complexity to every cybersecurity strategy. Your employees aren’t perfect, and never will be, but you can help guard against these potential exploits by encouraging them to develop stronger cybersecurity habits.
Related: During Cybersecurity Month 2019, we offer you the free Oct. 23 webinar “Lessons Learned from Snowden’s former NSA boss: Strategies to protect your data.” Sign up now and get bonus content of three exclusive articles!
The Most Important Habits for Employees
These are some of the most important habits for your employees to have:
- Choose strong passwords and change them regularly. Make sure your employees are always creating strong passwords, and encourage them to change those passwords regularly. Additionally, it’s a good idea to have them use a different password for every app or system, even if it’s a pain to remember and access them all. Strong passwords don’t contain a common word or phrase. Instead, they appear like a random string of characters not associated with the person who created it (i.e., not a birthday). They contain a mix of upper-case letters, lower-case letters, numbers, and special symbols like exclamation points. They’re also long; eight characters is often the recommended minimum, but more is always better.
- Treat every link and attachment with scrutiny. Too many attacks occur just because an absentminded employee decided to click a link or open an attachment, which triggered the download of a malicious piece of software on their device. If your employees treated every link they came across with scrutiny, this would be a much smaller potential threat. Hackers are becoming increasingly effective at masquerading as trustworthy entities; they might claim to be one of an employee’s coworkers, or might present an attachment or link as a software company that your company actually uses.
- Download and install updates at every opportunity. Almost every app and piece of software has at least some vulnerabilities that could potentially allow a hacker to gain access to it. The good news is that responsible developers are constantly working to hunt down these vulnerabilities and eliminate them. When they find a potentially exploitable piece of code, they devise a patch to close the vulnerability, then issue that patch to their userbase. However, many employees have a tendency to delay or indefinitely avoid downloading and installing updates; accordingly, they don’t get the latest fixes, and keep those old vulnerabilities indefinitely. Make sure your employees have automatic updates enabled, or at least have good updating habits.
- Only rely on secured networks. These days, people work remotely with some degree of regularity. They work at home, in cafés, or on public transportation systems. However, this can be dangerous; if you’re using a public Wi-Fi network that’s not secured, someone could easily gain access to your web traffic (and your company device). It’s best to rely exclusively on private, encrypted networks over which you have control.
- Treat company hardware like personal hardware. Too many employees are negligent with their company computer because they see it as easily replaceable. Accordingly, they may leave it unattended at public places (even if only temporarily), or they may be willing to plug in foreign devices like flash drives to see what they contain. Train your employees to closely guard these devices the way they would a device of their own.
- Delete what you don’t need. The more data you have available, the more a cybercriminal can get away with. The more files and messages you have available, the more they can sort through to find information like passwords. Accordingly, it’s in your best interest to have employees delete whatever they don’t need the moment they stop needing it.
- Keep a clean desk. It’s also important to keep a clean desk. Many employees, out of convenience or laziness, decide to write down their new passwords and login credentials on sticky notes that they leave on their desks. They may also leave important papers lying out or other clues that could allow someone to gain access to their account. If your employees are conditioned to keep their desk areas tidy, this will be much less likely to occur.
Touching Base (and Ongoing Education)
It’s hard to police your employees at all times, so it’s practically impossible to know whether they’re following all these habits perfectly. Still, it’s helpful to touch base with your employees periodically and keep these cybersecurity habits top of mind. It’s also important to provide them with tools and resources they can use to continue their ongoing education. The more informed and up-to-date your team is, the better.