Airtight firewalls and current-to-the-minute defensive software aren’t enough to keep your organization safe from cyber attacks. Your IT team could be doing everything right, and your company may still be at risk from internal threats – because just one employee thinks that cybersecurity isn’t his or her job.
Our Second Annual Data Breach Preparedness Study casts a stark light on the threat: 43 percent of the companies we surveyed do not have privacy and data protection awareness training for employees and others with access to sensitive information, and 66 percent either don’t have or don’t know if they have programs in place to train customer services personnel to deal with consumer inquiries regarding a data breach. Those statistics perhaps go a long way toward explaining another: 59 percent of security incidents in 2013 occurred because of employees and/or negligence, according to another Ponemon study.
Cybersecurity and data breach preparedness are everyone’s job, and National Internet Safety Month is the perfect time to foster a culture of vigilance among all your employees. Since it’s likely that nearly everyone in your organization uses the Internet in some capacity, and they’re also more likely to be aware of personal cyber risks, Internet security is a great starting point for your dialogue with employees.
This month, consider providing training programs on these vital topics:
- BYOD (Bring Your Own Device) – It’s not uncommon for employees to use personal devices such as smartphones and tablets for work activities such as sending emails and accessing data on company servers. Your organization should have a clearly defined BYOD policy and all employees should be aware of expectations and limitations regarding their use of personal devices for work.
- Controlling personal Internet use at work – During their lunch hours and coffee breaks, employees may shop online and check their personal email. They may be doing those personal actions during down times at work, but are they using your systems to do so? Personal Internet activity at work doesn’t just threaten productivity, it may put your systems at risk, too. Email attachments, suspicious links and bogus websites can expose your systems and data to viruses or malware.
- Route all software downloads through the IT team – As part of your cybersecurity policies, make sure employees understand that only your IT team is authorized to download software. If an employee wishes to download business-related software to a work PC, he or she should have IT review the software first and then handle the download. This helps ensure your IT team is aware of every piece of software in your system.
- Email security – Email has become a primary mode of communication in many offices, and it’s not unusual for key employees to handle hundreds of emails each day. Establish policies for what type of information can be shared via email to help protect your business’s sensitive data.
- Preach password protection – The Anthem mega data breach that occurred late last year and was disclosed earlier in 2015 has been linked to compromised employee credentials. It’s vital that employees protect their logon IDs and passwords, craft strong passwords and change passwords regularly so that information stays secure.
While June is a great time to focus on cybersecurity, the dialogue between employer and employee should continue year-round. Data breaches pose significant risks to companies and their business viability; ensuring your organization is as well protected as possible is a task for everyone who’s part of it.