Spring Cleaning Cyber Hygiene Guide For Business

It’s spring, and many of us are gripped with the urge to open the window and let the fresh air in.

The urge for spring cleaning is nearly universal. Wouldn’t it be great if your enterprise had the same urges toward cybersecurity hygiene?

You are aware of the weakness in your security plan: All the security in the world won’t work if an employee opens malware disguised as an innocuous link in email. It’s estimated that 91 percent of cyber attacks start as phishing. But locking down your enterprise from the outside world is not an option.

Hackers exploit busy employees who may fail to change default passwords or who use the same password for many accounts. Even social media puts you at risk when employees post intellectual property, photos of unreleased products or details about associates on personal and company accounts.

But what if you could make those same employees your best advocates for safety this season?

Training is the first line of defense.

When you train your colleagues to be aware of threats and risky online behaviors, they can become the front line of defense in your war against hackers.

Training should be interactive. Old-school training where HR herds staff into a conference room didn’t work 20 years ago, so don’t do it today.

Now you can use interactive tools that have employees practice concepts as they learn them. In fact, last year’s Gartner Magic Quadrant report on Security Awareness Computer-Based Training noted “SaaS-based Learning Management Systems are now the status-quo” and the market was expected to grow in 2017.

What will you be teaching?

  • Each machine counts. Whether it’s a work computer where you download software, a device in a workspace connected to the internet or a computer brought from home that logs into wifi, employees need to be careful with what they connect to the enterprise’s network.
  • Be suspicious of what comes in. Emails that look like they’re from directors but have odd email addresses, links that look suspicious but “might” be appropriate, and emails that are obviously spam should not be opened.
  • Strong passwords work. Default passwords on machines that are not changed are an open invitation to hackers. Hard-to-decipher passwords are a must, and the same password should not be used in many locations.
  • Save copies. If you cannot automatically back up your employees’ work, show them how to do it, and do it often.

Once you have brought the staff up to speed on how to be secure, creating an environment where security is part of the culture is the next step. Encourage employees to be vigilant and to speak up if something doesn’t look right, even if it comes from someone in the C-suite.

Lastly, training should be easy to access and continual: everyone should know how to follow security protocols, and all should be able to stay up to date on the latest threats. To do that, you’ll need to find a good partner with access to the latest security technologies and approaches.

A partner of Fortinet and managed security services provider, TecRefresh can deliver the technical expertise and technology benefits you need to bolster the strength of your cybersecurity-aware workforce.