Staying with your safe from a cyberattack isn't as straightforward as actualizing endpoint insurance programming. You'll need to prepare every last representative to realize what to search for some time recently, amid, and after work every day. Things, for example, phishing, physical burglary, and spam can drastically hurt your business.
I talked with Michael Kaiser, Executive Director of the National Cyber Security Alliance, about the numerous courses in which organizations ought to give specialists data and instruments to remain caution about potential cyberattacks. Once you've prepared your group, it's dependent upon you or your IT office to give the product from organizations, for example, Bitdefender, Kaspersky Lab, and Symantec that keep up system and gadget security.
I talked with Michael Kaiser, Executive Director of the National Cyber Security Alliance, about the numerous courses in which organizations ought to give specialists data and instruments to remain caution about potential cyberattacks. Once you've prepared your group, it's dependent upon you or your IT office to give the product from organizations, for example, Bitdefender, Kaspersky Lab, and Symantec that keep up system and gadget security.
1. Offer Phishing and Spam Training
Business Email Compromise (BEC) attacks target companies with scam messages that extract information from unknowing recipients. An excellent example of a BEC attack is a fraudulent email sent from someone pretending to be the company's CEO to the company's human resources (HR) department. Without realizing that he or she is being scammed, an HR manager willingly sends personal employee data to a scammer.
2. Create an Acceptable Use Policy
Your employees shouldn't necessarily have free reign over how they use company devices while at work. For example, teach them to which websites they're allowed to go. Teach them which files they're allowed to download. Let them know which wireless networks are company-issued and safe for use.
Once you've got a policy in place, it's important to periodically re-establish the policy with your team. If you don't consistently emphasize the acceptable protocol, then your employees might forget it or they might become complacent.
3. Provide Strong Password Training
"The new wisdom is not to change passwords too frequently because every time they're changed, the new passwords get weaker and weaker," said Kaiser. So speak to your IT department to come up with a reasonable password change frequency (it will vary from company to company) and begin using that frequency immediately.
Furthermore, you'll want to train your employees to create strong passwords. Anything that contains more than 7 characters, an upper-case letter, a number, and a symbol should be strong enough to prevent casual attacks. However, you'll want to advise your employees against simply changing one of those characters when they're prompted to create a new password; instead, they should start from scratch with a new sequence of letters, numbers, and symbols.
4. Teach Employees to Report Problems
Even if your employee clicked on or downloaded something that he or she shouldn't have, it's important that all threats be reported. If you make your employees feel safe about reporting infractions so as to reverse damage or prevent intrusion, then your team will be much more likely to come forward.
"You've got to build a non-blaming atmosphere where people can bring issues forward, even if they made a mistake," said Kaiser. "It's more important for the business to know that there's a potential issue than it is [to punish employees for an infraction]."
5. Use Proper Device Management
Mobile Device Management (MDM) software will help you in the event that software needs to be manually updated, an employee has gone rogue, or if you need to remotely wipe a lost or stolen device. But, if your company is too small or too technologically unskilled to maintain an entire fleet of devices, then you'll want to train your employees to take proper care of their devices both physically and digitally.
Make sure your employees know that they need to update all software when new updates become available. These updates typically contain security vulnerability fixes. Without the update, the vulnerability will continue to exist, thus giving hackers access to the device and possibly your entire network.
"Make sure they're always aware of the physical security of devices," said Kaiser. "Make sure they're not leaving the device unattended and that the device is properly stored when in a vehicle so it's not visible." Kaiser also said it's important to train your employees to understand the physical limitations of your devices. Are they waterproof? Are they dust-proof? What are the safe high and low temperature thresholds for the device?
Additionally, make it a requirement that every device that houses company data be passcoded or opened via biometric reading. This is a simple rule that everyone should follow, even with personal devices, but it's worth reiterating for your more naïve or stubborn employees.
6. Give Remote Access and Wi-Fi Training
If you're concerned about security (which you absolutely should be), then set up a Virtual Private Network (VPN) immediately. If any employee is working remotely, then he or she should be using that VPN at all times for all activities.
You should also institute policies and procedures about how employees use Wi-Fi when they're away from the office. The Wi-Fi networks they access should be password-protected and feature strong security settings. When your employees are on smartphones and tablets, they should always opt to use the device's cellular data plan rather than an unknown Wi-Fi network.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.