Hackers are after your company’s data. A University of Maryland study found that internet-connected computers experience cyberattacks every 39 seconds. And, while attacks against large companies get most of the media coverage, small businesses are just as vulnerable. A recent Ponemon Institute study showed 67 percent of small and medium-sized businesses suffered cyberattacks in 2018, up from 61 percent the previous year.
Think external sources are mostly to blame? Think again. The Ponemon research and a 2018 Shred-it study both found that employee error is the leading cause of cybersecurity risk. Employees may lose company-issued laptops or phones that then fall into the wrong hands, leave their devices unlocked and unattended when they work offsite or engage in other risky security behaviors. So, your people are both your greatest assets and your largest security vulnerabilities.
The key to reducing your risk, then, lies in your ability to lower the odds your staff will inadvertently allow a hacker to strike. If employees clearly understand how dire cyberattack consequences can be, they will be more likely to invest in understanding and following your company’s cybersecurity measures.
Information security can be intimidating, so successfully engaging employees on these technical matters may be challenging. Following these best practices, however, will help you equip your staff to ward off potential cyber threats and be more of an asset than a liability when it comes to protecting your data:
Continuous Training. Stress the importance of cybersecurity as soon as an employee joins your organization. Emphasize your company’s commitment to cybersecurity during the onboarding process and reinforce its importance through regular training sessions. Provide concrete examples of potential threats and their implications so employees fully understand how cybersecurity affects them and the company and what they can do to reduce risk.
Cybersecurity Policy. Establish and regularly update a protocol employees should follow if a security breach should occur. Share it with your entire staff – and not just once. Communicate the policy every chance you get – in your employee handbook, at staff meetings and during security training. Planning in advance the tangible steps that should be taken in the wake of an attack will help minimize its impact. For example, you might instruct employees who recognize a cyber concern to immediately disconnect their computers from the network.
Include a proactive portion that clearly expresses what employees should and shouldn’t do when it comes to technology. Consider sending out fake phishing emails to your staff to gauge how everyone reacts to clever requests for sensitive information. Such phishing tests will help identify problem areas you should address through training and illustrate to employees how vulnerable everyone is to hackers.
Share Knowledge. Establish a means of communication through which employees can securely warn the IT department of suspicious cyber activity and ask questions about a suspected phishing email or malicious email attachment.
When employees repeatedly hear from IT and management how important cybersecurity is to an organization, they are more likely to make it a priority. Training and communication are the best ways to make employees understand how disruptive cyberattacks can be and enlist their help in defending against them.