Everyone knows that protecting your company’s cyber security is important, but it goes far beyond just having the “security nerds” at the back end of the company’s computers infrastructure have protective software in place to resist hacking of the company’s data and the like.
Surprisingly, according to a study from Standford University, 88 percent of all data breaches come from human error, and what might be a surprise is that younger employees, those who are perceived to be the most tech-savvy, are actually the most vulnerable to releasing company data through such security attacks as phishing.
Here are a few good ideas to teach and regularly enforce security on your employees.
This goes as far as not posting work photos on social media such as Facebook.
The reason is that in the background, there may be a computer screen image or some kind of poster that reveals valuable information that potential attackers can use against your employees in a social engineering attack. The less ammunition you give them, the better.
The vast majority of workers have access to a company computer, but when pop-ups orlinks in emails show up, and a good percentage of those contain phishing links.
Click on the wrong link and some kind of backdoor is established that allows hackers to access that computer, and possibly even spread to dozens or hundreds of computers in the company.
This one is a mixed bag, with the company’s computer personnel being partly responsible, because they should never allow you to log in to a computer without a complex, 10-character password using both numbers, letters, and special characters.
Nevertheless, some companies leave it up to employees to create their own passwords with disastrous results. Passwords left to employees themselves can be as simple as abc123, password, password1, 123456, or even the name of the company such as BobsBBQ. Since password breakers can test hundreds of passwords within minutes, it’s essential that your work passwords (not to mention your personal computers) have strong passwords.
Your company needs to train everyone in the procedures necessary to verify accounts. Many people call a company and say they forgot their password, or they changed their mailing address and their email address. While the vast majority of these requests for help are legitimate, perhaps five percent are from imposters.
Your company needs to spell out a specific number of steps a caller must take to change, modify, or access an account, and above all, these procedures must be followed to the letter. Otherwise, it’s an “open sesame” to hackers.
Due to the Covid Pandemic, thousands of workers have gotten used to working from home. However, their home WIFI may make the company very valuable to hacking. To protect company data, a powerful VPN is the very least that a company can require to ensure that data remains secure.
There are dozens of other steps a company can take to prevent data breaches, but few of them work unless employees are constantly reminded of their need to be vigilant about cyber security. Training your employees to be careful, mindful, and diligent is the best way to protect against cyber-attacks.
Cybersecurity Guide for Law Firms
The Cost of Cybercrime: Understanding the Financial and Reputational Risks
Common Cybersecurity Struggles for Law Firms
Enter your details below and we will contact you within 1 business day.
"*" indicates required fields