Employees can be your best defense against a cyber attack, but also among the easiest targets for cyber criminals. Giving your employees proper cyber risk training can help limit the impact of an attack, and has been shown to reduce the cost of a data breach by $16 per compromised record, on average.
Here are ten steps to help your employees become savvy cyber defenders.
1. Educate employees on your data incident reporting procedures
In the event of a breach, employees should know what steps to take to report the incident, and should be able to act quickly. Create a cyber breach response checklist they can easily access and follow.
2. Teach your employees how to identify suspicious emails and links
By clicking the wrong link, an employee can release malicious software, disrupt your network and enable hackers to steal your data. Work with a cyber risk expert to develop a robust policy for safe browsing and internet usage, and make sure all employees understand and follow the policy.
3. Develop a list of trending email scams
More than ever, hackers are using email scams, such as social engineering and phishing attacks, to entice email users to click malicious links and/or provide confidential information. Train employees to recognize these attacks, and keep your workforce current with regular updates on cybercrime trends.
4. Train your employees to create strong passwords
Passwords should be a combination of upper and lower case letters, numbers and symbols and should be memorized — not written down. Set automatic reminders for employees to change their passwords every three months.
5. Instruct employees to lock their computers and to back up data
Employees should keep computers and other devices locked and in a secure place when not in use. Make employees accountable for installing current virus protection software provided by your IT security team; pushing security updates to employees will help make it easier and boost compliance. Employees should also be responsible for conforming to company data backup guidelines.
6. Instruct employees to use only authorized software
Do not allow unlicensed software on any company computer; it could make your data susceptible to malicious attacks. Create a process for employees to request software that is not on your current approved list.
7. Teach your employees to understand their role in data security
Every employee has a responsibility to protect company data, and that responsibility includes legal and regulatory obligations with regard to privacy and confidentiality. Make sure employees understand their duty, the impact of a potential data breach on the business, and how they can play a defensive role.
8. Train employees to be conscientious about email usage
Keep employees aware of current email scams, and train them not to respond to email from anunidentified source, and to verify any unusual requests for information from managers or colleagues. Provide a quick reference guide that helps employees differentiate between legitimate and suspicious emails.
9. Educate employees on the proper use of social media for work purposes
Clearly communicate company policy with regard to registering, posting and receiving social media invitations; make sure employees know when not to engage or accept a request.
10. Share your mobile device policyWhether employees use a company-owned or personal device for work purposes, they must be trained to understand the potential dangers of public Wi-Fi and how to safely share files while mobile. Develop a quick reference guide, and use push alerts and prompts to maintain awareness.