Recent high-profile security breaches have put small businesses on alert as many companies consider what they can do to protect internal data from prying eyes. When setting up information security policies, it’s important to consider this surprising statistic from a 2016 IBM study: 60% of cyber attacks can be traced to employees. In about 16% of those cases, the employee inadvertently helped an outside party gain access to information.
What can your small business do to help reduce the likelihood of a devastating data breach? By understanding the biggest threats, you may be able to refocus your efforts on educating and policing internal behaviors to ensure that data remains secure.
Require Strong Passwords
Employee password habits have long posed a risk to businesses, with many people preferring simple logins they’re sure to remember. Unfortunately, data thieves may be able to guess these passwords. Your IT department should set up password requirements to discourage lazy information security practices.
By requiring employees to come up with unique passwords made up of letters, numbers, and special characters, businesses can better safeguard themselves. Employees shouldn’t write down passwords, as this can negate security efforts.
Take Mobile Device Security Seriously
Whether an organization has a Bring Your Own Device (BYOD) policy or is issuing phones and tablets to employees, mobile device security is a serious concern. Not only should passcodes be required on all devices that access work data, but each smartphone or tablet should also be set up with remote data wiping capabilities. If an employee should lose a device, it can then be erased via the server to prevent sensitive data from falling into the wrong hands.
Remove Unauthorized Apps
When surveyed, 70 percent of IT professionals cited unauthorized app use as a significant cause of data loss. Cloud-storage services may be popular with workers due to their convenience, but they can allow malicious software to infiltrate a business’s infrastructure. With mobile device use ubiquitous among business users, it’s more important than ever that small businesses regulate and track employee app downloads, especially if secure company data will be stored on the same device as those downloads.
Guard Against Phishing
Phishing remains a concern among businesses of all sizes. The practice involves a fraudulent email or text that entices a user to click through to a website or provide confidential information. Both the message and the website look legitimate, and may even appear to come from a colleague or friend. As a result, employees will often share usernames and passwords, which go directly to an unauthorized third party.
Education is the best defense against phishing. Make it clear that logins are not to be shared via email or text, and that any such request should be followed up with a phone call.
Share Your Data Security Policies
New hires should be provided with your data security policies. Ask each employee and contractor who accesses company systems to sign a form that indicates they’ve read the document. While this won’t prevent all instances of employee negligence, it will at least help increase awareness of the responsibility an employee assumes when using a business’s systems. Some businesses also send out reminder emails, especially if a certain type of attack is known to be impacting other firms. Through employee education and security restrictions at the server level, a small business can make it more difficult for hackers to access its systems.