While we usually cover safety issues relative to incidents such as falls, earthquakes, or fire, the damages of failing to observe cybersecurity safety protocols, though life-threatening, can be equally devastating. Cybersecurity Awareness Month is observed in October and is designed to raise awareness about the risks of electronic data and information breaches that can happen to individuals, companies and organizations. I guess I should consider myself lucky that my lack of opposable thumbs limits my ability to tweet. So it keeps my electronic risk at a minimum.
Last week, the focus of National Cyber Security Awareness Month 2015 was on the “smart world,” meaning all of the internet-connected devices that exist — from phones to thermostats. And here, I’ve always thought of “smart world” as contestants on the TV show, Jeopardy. This week, we focus on building the next generation of cybersecurity professionals, with an emphasis on promoting education and awareness to spark interest in the field. Education is essential for companies that want to protect their critical data from hackings and/or breaches.
Tips for Business Owners
Up to 95% of breaches are caused by human error. Notice that canines are not even mentioned. Whew! So, it is vitally important to train employees, first by giving them context, so they understand the consequences of data breaches and hacking incidents. Then, employers can guide them about best practices such as protecting passwords, carefully guarding data relative to outside agents, avoiding phishing scams, and adhering to data storage policies. Empower employees to alert management when something seems suspicious or odd, such as when someone from graphic design requests company financial data for something other than an infographic. Also, make sure staff members are careful not to post sticky notes with passwords on their monitors. I don’t use sticky notes, myself. They get stuck to my fur.
Additional best practices include:
- Set automatic updates. Instruct IT to program automatic operating system and software updates, so the latest virus definitions and security protocols are always in place. Asking staff to perform these tasks manually opens you up to risks.
- Establish login tracking. Login monitoring should be in place to spot external access attempts and identify employees who are accessing sensitive information or data outside their purview.
- Set a security “fence” around sensitive data. I’m not usually a major fan of fences. But, in this case, they seem like a good idea. A company’s most important data (for example, personal customer information) should be protected behind a company firewall at all times. Restrict access to this data to a select few staff members. Also, make sure it is protected from potential download to personal devices or hard drives.
Tips for individuals to protect data and avoid cybersecurity issues:
- Follow password procedures. Using “12345” or “password” for computer passwords is not recommended. Staff members should be trained about methods for selecting strong passwords and protecting sensitive documents.
- Avoid storing data locally. News stories often recount employees losing laptops or thumb drives, with the device contents being used for illegal purposes. Discourage individuals from storing sensitive data directly on their devices. For greater security, instruct them, instead, to access data online. I guess that’s the mysterious “cloud” I keep hearing about? How safe can a cloud be for storing sensitive data?
- Protect mobile devices. Employers increasingly allow employees to use their own devices to check email and access work data. Before approving this practice, instruct employees about methods for wiping their devices if they are lost or stolen. For maximum protection, establish and follow written “bring-your-own-device” procedures.
- Don’t download unapproved software. Malware and other nasty computer bugs often reside in seemingly innocuous software. Beware of employees downloading free PDF-maker tools from the web. This software could be a launching pad for an attack. Staff should only download IT-approved software or apps to either their computer or mobile devices.
- Don’t click on unknown links. Many businesses are targeted with official-looking emails that provide an “important link.” Clicking on the link could infect the user’s computer, and the infection can then travel throughout the employer’s network. Encourage employees to run suspicious emails by the IT department for a thorough review and safe deletion. Makes sense to me!
Remember that safety is a daily priority, so be sure to think about disaster planning all of the time. A convenient and affordable way to make sure you are prepared for disasters and emergencies of virtually every kind is to subscribe to the RJWestmore Training System by Universal Fire/Life Safety Services, which has been designed to help improve and save lives.