Your employees are the lifeblood of your company.
From customer service to operations management to marketing, everyone has their specific role in helping your company offer your customers the best goods and services. But everyone needs access to company data to get their job done, which can risk your data security.
Do your employees know what to do when they get an email scam or lose their company phone? Having data security processes clearly defined and easily reviewable will help your team feel confident in their data protection knowledge.
Want to tighten up your data security from the ground up? Here are seven things your team should know about data security!
How to Spot Phishing, Smishing and Other Malicious Activity
Most phishing, smishing and other malware attacks only work if they trick an unsuspecting person into downloading something. It’s important to ensure your employees have the tools and knowledge to avoid falling for these scams!
Phishing scams are becoming more believable with time — from impersonating a specific boss to mentioning company information. Teaching your company to trust their gut and go through a quick checklist before downloading anything from websites, pop-ups or emails can significantly cut down on introducing malware to your online data.
When your employees get an email asking to download a file, they should ask questions like:
- Does the email look suspicious?
- Does it have an unnecessary urgency to the messaging?
- Do I recognize this email address?
- Do I understand the context around and content of the file?
If any of these questions raises a doubt, they should reach out to the sender (via a different thread or form of communication) to confirm the validity of the outreach.
Proper (and Improper) Use of Company Devices
We all wish we could trust employees to keep internet activity on work devices well within the realms of work activity, but sometimes even the most professional employees head into an internet gray area. When employees let go of caution and head into questionable internet territory, it opens work devices to phishing and dangerous downloads.
This may rub some team members the wrong way, but setting strict guidelines on acceptable and unacceptable professional device activity can reduce data security risks.
Set the precedent that professional devices shouldn’t be connected to personal activity. Some companies may choose to enforce this through additional software that monitors or limits online activity.
If you stay transparent and communicate, your employees will understand that these protections are not meant to act as “big brother” and are only in place to secure company data.
Do your employees understand the full scope of USB safety? These tiny data sticks can significantly impact your data security!
All company USBs should be encrypted and include password verification to access any USB data. If a company USB is lost or stolen without this security step, it would only take a couple of seconds for a hacker to have access to sensitive company data.
Find an unclaimed USB in or near your office? Yes, it could be a coworker’s lost USB. But it could also be a trick to introduce malware to a company computer and create a backdoor for malicious activity. Have a process to turn in any found or unclaimed USBs to your IT department for security screening and a safe return to the rightful owner.
The Threat of Social Engineering
When your customer service providers take a call, do they know how to verify the caller? For some companies, it’s second nature to have these practices in place. But others may not — and that’s where mistakes can be made.
For example, one ethical hacker who specializes in social engineering posed as a weary mother to a customer service provider and got unauthorized access to a stranger’s account in less than 60 seconds. While this type of hacking is not common, it is extremely effective against an unassuming employee.
Hackers don’t just live in your computer — they can call over the phone or even come in person to try to gain sensitive info or access to accounts. The attempt can come in the form of a distressed mother with a baby crying in the background or a friendly person asking for a little favor. Verification questions, such as asking for an official email and a special PIN number, can separate malicious callers from honest ones.
What to Do if a Device Is Lost or Stolen
Yes, having your laptop stolen is inconvenient. But do you ever stop and wonder if it was stolen for the device or the data inside? For example, a laptop containing the names, Social Security numbers and credit card information for 84,000 University of North Dakota alumni was stolen from the car of a contractor hired to develop software for the University. The value of the laptop is pennies compared to the value of that information.
Unfortunately, lost or stolen devices are a part of any business — especially with remote or hybrid work models. From company phones to computers, a thief now has potential access to your virtual desktop and company info. The longer you wait to act, the more time they will have to crack your system.
Your team should know to report stolen or missing devices, even if they suspect they will find them eventually. An informed IT team can suspend accounts, cut ties with cloud data and take other useful precautions to bar anyone from breaching your data.
How to Safely Use the Cloud or Virtual Desktop
One of the best benefits of leveraging cloud storage and a virtual desktop is that employees can have a fully operational workday from anywhere! While that can lead to more flexibility and productivity, it can also slightly increase the risk of human error. Have specific processes for data organization and activity that are clear to both in-office and hybrid workers.
Do you have parameters in place for remote workers? Establishing these limitations can clarify what is considered appropriate for workers everywhere:
- Can your employees log onto public WiFi?
- Can they work from a public place like a coffee shop?
- Do they know to never leave devices unattended when running to the bathroom or grabbing a drink?
- Do they need to set up a specific workstation with an approved WiFi connection?
Deciding what is appropriate for your company will help your team shape their daily work environment.
Proper Account Credentials Habits
Did you know that 20% of 2021 data breaches were due to compromised credentials?
There are many costly examples of big data breaches that stemmed from weak or easily crackable credentials. For example, Microsoft suffered a cyberattack that targeted hundreds of thousands of on-premises servers across the United States. This attack affected local governments, government agencies and businesses, exposing email communications and sensitive data. This hack was achieved — you guessed it — by stolen passwords.
Yes, your employees know how to set up and use a password. However, you should ensure that everyone uses the best-possible password habits to cut down on any chance of mistakes. Good habits include:
- Updating passwords regularly
- Never using the same password for multiple accounts
- Choosing a strong password with letters, characters and numbers
- Never writing down passwords on sticky notes or in notebooks
- Selecting 2-factor authentication when possible
- Only requesting admin access when absolutely necessary
This seems simple, but following these best practices can significantly impact the overall safety of your data.
Ways to Spread the Message of Data Security
Sometimes, a company-wide email just doesn’t cut it. If you want your employees to understand the importance of data security, your message needs to be clear, actionable and diversified.
Make it a conversation
Reading information is great, but having training or group sessions around data security can lock in the tips and clear up any confusion around what you want out of employees.
Make the information readily available
To maximize the effectiveness of the message, make sure it is easily reviewable by your team. If they have to go through old emails to find the instructions, they may skip that step. When you create an easy-to-find space for tips, best practices and security instructions, your team will be more likely to review the information.
Make it actionable
Information is great, but your team needs to know what to do with that information. Tailor all tips and best practices to your specific company processes.
Sometimes team members need to see successes (and mistakes) in action to emphasize the importance of data security. Share case studies and stories about the impact of data breaches on your industry. Something as mundane as password safety can be the difference between safe data and a costly breach. So make sure your team understands the real-life risks of human error.
At MDL, we prioritize implementing the best practices for your business when it comes to data storage and security. With affordable solutions for businesses of all sizes and industries, MDL Technology is there for your IT needs. Contact us today to learn more.