In a survey by Wombat Security Technologies, more than 30% of employees didn’t even know what phishing or malware was. It would be worth your time to run an informal survey of your own employees to see what your percentage might be. This statistic alone should be enough to explain the value of empowering your employees to help protect your business.
Despite your security software and your firewalls, employees—not technology—are the most common entry points for phishers. Probably because employees are anxious to contribute to company success, they can be vulnerable to clickbait and trusting of fake identities. But you can train everyone who has access to company data to recognize how security threats are likely to present and what to do when a threat is identified.
Key Topics For Your Employee Training
Employees should be able to explain the terms spam, phishing, malware and ransomware, and social engineering. Explain that spam isn’t only found in emails. Spam is also part of social media messages and invitations; for example, an “invitation to connect” on LinkedIn can be carrying a virus.
Phishing scams pop up all the time, so both veteran and new employees should see examples of what a falsified email might look like, who might have sent it, and what company information it is asking for. Legitimate internal emails, for example, will not be asking for usernames, passwords, personal information or financial information about the company.
Provide tips for employees who could be tricked into downloading the malware or ransomware that can attack and damage the functionality of a device.
Social engineering is when the bad guys disguise themselves with fake but trusted online identities, and then they trick an employee into disclosing proprietary company information.
Policies And Password Protocol = Protection
Browsing on the internet has become a cultural addiction. Whether it’s a quick look at a Facebook feed or a quick cruise on favorite sales sites, it’s going to happen in the best of companies. But as a business owner, you can and must have strong policies about the use of your company computers. Have clear policies about the types of links that can be clicked on, with examples of when, specifically, not to click (like links in unexpected emails or links in anything caught in a spam filter). Don’t be afraid to have published guidelines for internet browsing and social media usage on company devices and when using company email addresses.
And for passwords, well, you probably know what I’m going to tell you. Use a password manager app and incorporate 2FA (2-factor authentication). Don’t expect employees to be masters of clever passwords. Choose an app that will assign difficult passwords when needed, and can then routinely replace them with new ones on a set schedule.
Your employees can’t know what they don’t know. As a part of the sustainability plan for your business, include employee cybersecurity training by a reputable IT company. And plan to budget for regular refreshers, and maybe have a program with your IT company where they secretly test randomly chosen employees with spam or phishing, just to see who might need further training.
Cybersecurity awareness and preventative practices are now as basic as paying your utility bill. Learn more about it if you need to. You can call Aptica LLC and ask questions anytime.
Jason Newburg, 260.243.5100, ext 2101, is the founder and owner of Aptica LLC. This IT management and support company has been serving small to medium-sized businesses for 16 years in the region that includes Angola, South Bend, and Fort Wayne, IN, Battle Creek, MI, and Toledo OH.