Every single employee at your company can be a cyber security risk if they aren’t trained properly. Learn online security tips all your employees should know.
Cyber security is crucial for small businesses. According to statistics, one in five small businesses will be hacked at some point and of those, 60 percent will go out of business. A huge 95 percent of credit card information breaches occur at small businesses, too.
Big businesses have massive IT budgets that allow for dedicated in-house staff to monitor security. Small businesses don’t have this luxury. What every business can do, however, is make sure that their employees are clued up with the latest online security tips.
Enlisting the help of a managed security solution gives you an excellent bedrock to build your cyber security safety on. Yet you still need to make sure that your employees are exposing your system to as little danger as possible.
This requires a broad approach. You need to teach your employees about data security, phishing, safe web browsing, and a whole lot more. It’s okay for this to seem a little overwhelming.
We’re experts in IT with a lot of satisfied customers. We’ve decided to put the most essential online security tips we know into this bite-sized guide.
Are you ready to improve your business’ security? Then read on!
Talk to Your Employees About Phishing
One of the biggest threats to your cyber security is phishing. This is an attack method where the hacker sends an innocent-looking email that contains malware. This malware can be a disguised program, malicious word processor macros, or a range of other malware types.
The scary part is how common these attacks are. In the UK alone, around 50 percent of small businesses are victims of phishing attacks each year.
If the attacker is specifically targeting you, they may employ something called spear phishing. This is phishing that is highly targeted and may be addressed to a specific individual at the company.
How can you teach your employees to be wise to phishing? It all starts with educating them to recognize suspicious emails. Bear in mind that some phishing emails are sophisticated and even use correct company logos.
You should be wary of any potentially fraudulent emails. If the email contains a link that you don’t recognize, don’t click it. You should also not enter any login details.
If the email is asking you to do something on your client’s site or with online banking, don’t follow the link. Instead, go to the site via the search bar and log in this way.
Other warning signs of phishing emails that are crucial online security tips your employees need to know:
- Be wary if it doesn’t address you by name
- Be suspicious of emails asking you to verify your account
- If it tells you your account has been compromised, contact the real company directly
- Check the security certificate of any website that asks you to put in personal info by clicking the padlock in the search bar
Online Security Tips for Staying Safe Online
Phishing emails are just one common attack vector. Another is what is known as drive-by-downloading. What is drive-by-downloading?
It’s where malware is downloaded to your computer when you visit a site. Note, these don’t have to be malicious websites either. Malware can be hosted in an ad served by a large and trusted site.
While it’s impossible to guarantee protection from all drive-by-downloads, there are some cyber security awareness tips that can limit your likelihood of being infected.
Only Visit Trusted Sites
While trusted sites can unknowingly host malware like any others, they’re not going to set out to infect you. Teach your employees to only visit legitimate sites that they are confident they can trust. This means not visiting random websites that promise free software, games, or other such enticing offers.
Keep Your Firewall and Antivirus Software Updated
A firewall may not stop everything and antivirus software can fall victim to the newest zero-day malware, but keeping these two aspects enabled and updated can help keep you safe.
Install an Ad-Blocker
This isn’t a tip for your employees, but it’s something that you should be doing on all work computers. Ads are a common infection vector. If you block them and stop them displaying, this vector gets shut down, and you’re less likely to be infected with malware.
Make Sure Your Employees Back Up Data
When a system gets infected with malware or hacked, you can lose valuable data. It is up to everyone in your business to keep what they are working on backed up.
You should keep local backups of all crucial data. This should be stored in a system that is not on your main network.
If you store your backups on the same network as your main computers, malware can spread from your other computers, destroying your backups. This is especially true when you are dealing with ransomware.
Ransomware is software that encrypts your files, then demands a ransom in return for restored access. Many ransomware programs can spread across networks and they have been known to target backups.
Getting employees to back up their work on a computer that is not connected to your main network negates this risk.
Your backups shouldn’t just be stored locally, though. A range of problems could occur, not even just cyber security ones, that render your backups inaccessible. What would happen if the backup computer was destroyed in a flood, for instance?
This is where cloud backups come in. Your backups will be stored on Google Drive, OneDrive, Dropbox, or any other provider.
This means that they are stored in a server farm far from your local area. It also gives you the confidence that your data is in safe hands.
A lack of backups can increase downtime. If you want to limit the risks of downtime, take a look at our managed IT solutions.
Keep Your Computers Updated
If you don’t have a centrally managed IT system, then one of the most important cyber security tips for employees is to keep their computers updated. If you’re using Windows, Windows Update should install important updates for you. You must train your employees not to cancel or postpone updates.
The importance of software updates cannot be overstated. If you do not update your operating system and other software, you leave gaping security holes in your system.
You can encourage employees to set scheduled update times too, at times when they are less likely to be working.
It isn’t only computers that need to be kept updated either. If you have supplied your employees with business smartphones or tablets, they will need to update those regularly.
A hacker will discover any weak link in your security system. They will then use this as an access point to wreak havoc and endanger data security.
Train Your Employees About Device Security
Physical threats to your security are another crucial part of cyber security. This comes in many forms, so let’s take a look at some of them.
Teach Your Employees Not to Access the Network on Unsecured Devices
Your employees should not access the network on an unsecured device that hasn’t been approved by you. This means that unsecured phones, tablets, laptops, and any other devices should not be connecting to your network without being screened first.
This may seem unfair to your employees at first, but you need to teach them why it is important.
You don’t know that their systems are 100 percent clean of malware. If even one piece of malware is on there, undetected, it could spread like wildfire, lose you money, and put them out of a job.
Do Not Plug in Unknown Devices
Your employees should be taught not to plug in unknown USB devices. Researchers have identified at least 29 common USB attacks.
These include malware loaded onto USB sticks that auto-installs and USB devices that are designed to short out computers. You need to train your employees to report any unknown USB devices that they discover on company property. Teach them never to plug in a device that they don’t recognize.
Lock Computers When Not in Use
Teach your employees to lock computers and other devices when not in use. Whether in the office or working remotely, leaving your computer unlocked is like not locking your front door. Don’t risk it.
Password Security Tips
Some of the most important cyber security tips and tricks involve password security. These are the ones that you need to teach your employees.
Do Not Reuse Passwords
You should never reuse passwords, however complicated. This is a fundamental part of cyber security. If you reuse your passwords, a hacker only needs to discover one.
After that, they will have complete access to everything that your employee does. This is not a scenario you want. That way lies data breaches and tens of thousands of dollars in costs.
Create Unique Passwords
When your employees make new passwords, teach them to create secure ones. There are two different ways that you can teach them to do this.
One, we’ll call the “correct horse battery staple” method. Named for this old xkcd comic, it involves combining multiple common words into an easy-to-remember and secure password. The fact that I didn’t even have to look the comic up to remember this one after all those years proves its efficacy.
However, this one does still put the pressure of remembering a password onto your employees.
If you’d prefer, you can use a password management tool that generates extremely complex and secure passwords and stores them for you. Some examples include Bitwarden, LastPass, and Dashlane. These only need one password to access your master vault, so you should use the correct horse battery staple method for master passwords.
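The word-combination method above, as an added example that is not code from the original article: it picks the words with a cryptographically secure random generator instead of by hand, and works out how many bits of entropy the result carries. The 64-word list is a constructed sample and the function names are hypothetical; a real deployment would load a published list of thousands of words.

```python
import math
import secrets

# Constructed 64-word sample list (assumption, for illustration only).
WORDS = """
apple river cloud stone tiger maple candle harbor pencil rocket garden window
silver button ladder meadow planet basket copper violin anchor bridge forest
pillow hammer lantern marble orange parrot saddle tunnel walnut zipper breeze
castle dragon engine falcon guitar helmet island jacket kettle lemon mirror
napkin oyster puzzle quartz ribbon sunset tablet umbrella velvet wagon yellow
zebra acorn bottle camera donkey eagle feather glacier
""".split()


def entropy_bits(list_size, n_words):
    """Entropy of n_words drawn uniformly and independently from the list."""
    return n_words * math.log2(list_size)


def words_needed(list_size, target_bits):
    """Smallest number of words that reaches at least target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(n_words=4, words=WORDS, sep=" "):
    """Build a passphrase with the OS CSPRNG (secrets), never random.random()."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates; entropy would be overstated")
    return sep.join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    # Four words from a 2048-word list give the 44 bits quoted in the comic.
    print("2048-word list, 4 words:", entropy_bits(2048, 4), "bits")
    # The small sample list needs more words to reach the same strength.
    n = words_needed(len(WORDS), 44)
    print(f"{len(WORDS)}-word list needs {n} words:", entropy_bits(len(WORDS), n), "bits")
    print("example:", generate_passphrase(n))
```

The strength figure only holds when the words are chosen at random; a phrase an employee picks themselves has far less entropy than the calculation suggests.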
Train Your Employees On Elevated Privileges
Your employees will, ideally, not have elevated privileges on their machines. You should lock down your employee accounts so that they only have access to what is necessary.
This means that they shouldn’t be able to install software themselves. That is a job for the IT team.
Yet if you’re a small business without a dedicated IT department, then you might need to give your employees elevated privileges. If they do have elevated privileges or admin accounts, then teach them the responsibilities that come with them.
Teach your employees not to install software from any untrusted sources. You can make this easier by giving them a list of trusted sources and prohibiting them from installing software from other sources.
You should also request that they not change any part of their computer’s security without talking to you first.
When and How to Train Employees
You should start giving your employees these online security tips from their first day on the job. Make it part of the onboarding process: just as you’d show them how to use certain pieces of software for their job, they should also know the correct security procedures.
Training shouldn’t stop on the first day, though. Throughout the year, dedicate a few hours to security training to keep your employees up to date on the latest threats.
This can be done with a few different methods, but at the end of the training sessions, you should evaluate what your employees know. You should also answer any questions that they may have.
You could evaluate their knowledge with a paper test, but why not take it a step further? Stage a mock attack on your system and see how your employees react. If they fail, they may need more training.
Keeping Your Company Secure
Keeping your company secure can feel like a full-time job. These online security tips will help a lot, but the pressure is still on you to teach your employees.
If you want to take the weight off you, you should consider investing in our managed IT services! If you would like a quote or if you have any other questions, please get in touch with us!