7 Personal Security Best Practices to Teach Your Staff
It pays to educate your employees about basic cybersecurity. Often, security awareness begins with teaching people how to protect their own information. For example, if an employee understands how to protect their own banking information and sensitive data, they are more likely to apply that understanding to their day-to-day work life. As a business owner, it’s vital to invest time in teaching your team about basic cybersecurity hygiene – and through this effort, you’ll see the benefits spill over into your business. Let’s review seven personal security best practices to teach your team today.
1. Follow password best practices.
Most applications are still accessed using a username and password. Securing your personal information begins by following password best practices. Too many people assume that their information – whether personal or professional – simply isn’t likely to be targeted. However, many people don’t understand that all cybercriminals may be looking for is a small payout from a drained bank account or simple entry into a company’s larger system. Within the context of that discussion, encourage your team to think about the following issues related to passwords:
- Don’t use personal information such as a family member’s name, phone number or birth date for your password.
- Choose long and complex passwords that are a mix of numbers, letters and special characters.
- Don’t use the same password for multiple systems.
- Periodically change your password – at least quarterly.
- If possible, consider using a password management app to help make your passwords more secure.
- Don’t rely on passwords alone. Consider using double authentication where it’s available to make logins increasingly secure.
2. Defend against social engineering.
Social engineering is a trend that’s on the rise, where cybercriminals publicly gather information about a company and its employees to impersonate them. In the personal setting, criminals may use social engineering to attempt to authorize fraudulent charges on someone’s credit card account or open accounts in their name. Defending against social engineering starts with understanding where information is shared. Encourage employees to defend against social engineering by:
- Being strategic about what information you post online, in blogs, via social media accounts and even in emails. Don’t share information that could be used to hack an account. Think about details that could be used for security questions, like your mother’s maiden name or the city you got married in.
- Helping them understand common schemes to look out for – such as phone scams impersonating the Internal Revenue Service. Often, successfully preventing social engineering is as simple as recognizing when it occurs and being cautious about the information you make available.
3. Always use a virus and malware protection program.
Virus and malware protection isn’t just for the office – your team should be using it on their personal devices as well. These programs can be installed on laptops, desktop computers, mobile devices and servers to continuously scan for and screen out malicious messages and websites. When employees understand how to use these programs, they’re more likely to use them at work. And if they’re accessing company information on their devices, you’re more likely to be protected. Let employees know that:
- A variety of malware and virus protection programs are available; some are free and others require an annual or monthly subscription.
- Successfully incorporating a virus and malware protection program into your workflow is simple: install it on all devices that you regularly use, set up the programs to run automatic scans at regular intervals and continuously install updates to make sure you are protected against the most recent threats. With that in mind, employees are less likely to be intimidated and more likely to try this software.
The software is available at a range of price points; employees can purchase their own or you as the business owner, could consider purchasing it for employees as an end of year gift or incentive to participate in the security training.
4. Keep track of your mobile devices.
As mobile devices such as smart phones and tablets have become an important part of our business workflow, successful mobile device management is critical. It is easy for an employee to leave their mobile device unsecured or inadvertently leave it behind somewhere. Inform employees to more safely manage their smartphone or tablet by:
- Using a passcode or biometric authorization to protect access to your phone.
- Never accessing sensitive data on your mobile device using an unsecured wireless network.
- Enabling the phone or tablet tracking features so you can quickly locate your device if it is lost.
- Using double authentication when accessing email accounts or banking apps on your phone.
5. Only access sensitive files on a secure network.
Network security isn’t just for the office; it matters when your team is accessing sensitive files on their own network as well. Teach your team about basic network safety by focusing on:
- Password protecting your network and following password best practices.
- Using a firewall, such as the one provided by your Internet service provider, for additional protection.
- Considering the use of a virtual private network (VPN), which is available for free or for a small fee, if accessing business files from home or particularly secure documents.
6. Incorporate continuous backups.
Some cybersecurity threats today can target important data – both business and personal. An example of a threat against data is ransomware, a malicious program that gets deployed when an employee clicks on an infected link or is infected by another computer on the network. Once the program has been deployed, data is inaccessible, or even deleted, unless a ransom is paid. One important way to help protect both personal and company information is to use a backup solution. While ransomware is most commonly associated with business threats, criminals are increasingly targeting private users. Help your employees understand the risk here by educating them about:
- The basics of ransomware and similar challenges.
- The importance of regularly backing up personal data on either a hard drive or a cloud-based software. Signing up for a backup service and running it at regular intervals protects personal information, including digitally stored documents, photos and more.
A cloud backup solution will create a copy of data stored on a device or server and host it at another location. Another option is to use a physical backup option, such as a hard drive connected via USB, but that requires manual backups. Many people use both. Should your data be hacked or corrupted, it can be restored or accessed from this other source. It’s important that note the data is only available from the last point that it was backed up which underscores the need for regular, reliable backups.
7. Be aware of evolving threats.
Cybersecurity education isn’t a one-time event. New threats are coming on the scene every day. Help your employees develop good common sense around cybersecurity threats and to recognize common threads of suspicious activity. Strong pattern recognition can help your team identify emerging threats and not fall victim to them. However, as an employer, it is in your best interest to stay on top of new types of cybersecurity risks and to educate your team by:
- Encouraging them to sign up for their home virus protection software provider’s newsletter.
- Looking into what regular updates your enterprise software provider publishes – such as a blog or newsletter – and forward important updates to the company.
- Asking someone on your team, such as an IT resource or office manager, to monitor information about evolving threats and periodically review them. Dedicate a few minutes monthly during a staff meeting or include a small write-up on the company’s intranet, for example.
As a business owner, having cybersecurity-savvy employees is your best line of defense against threats – especially paired with the right technology tools and careful third-party provider selection. Take the time to educate your team on these top security best practices. When you help them understand how it can protect their personal, sensitive information – such as financial data – your employees are more likely to bring the same level of awareness to the workplace.
Looking for more small business advice? Check out the NetNext Small Business section.