More and more companies are taking at least part of their business online. Even some that would have been typical brick-and-mortar businesses just a few years ago are starting to sell their products on the internet. This can lead to many problems, including security breaches that could result in the exposure of confidential data related to you, your business or even your customers.
There’s one specific aspect of this issue that’s truly stunning – as many as 60 percent of network security breaches are caused by someone “on the inside”. In other words, by your employees or, less often, your management. Of course, you could and should run background checks on new employees to make sure there’s nothing suspicious about them. But this might not be enough, for at least two reasons. The first is that more than 20 percent of employees in the UK and US have admitted that they wouldn’t necessarily refuse an offer to sell their company’s confidential info. Furthermore, a quarter of these breaches were caused inadvertently, with no malicious intent. This means that securing your employees online should go beyond simple security checks. Here are a few things you should pay special attention to.
The most logical thing you can do is, obviously, teach your employees how to use the network as safely as possible and how to recognize and handle threats. Naturally, you’ll first have to come up with a detailed and sound plan of action and a set of procedures to be followed should anything suspicious happen. This training matters most for workers who have access to sensitive data, but it should cover anyone who uses the network. Finally, you should strongly encourage your employees to always report any potential threat they recognize. They should never hesitate to do this, even when they feel they caused it themselves, because a problem that isn’t solved right away could get out of control and seriously damage your business.
Some people simply can’t cope with the world of technology, and no training will make them IT experts. Also, no training can cover all the harmful scenarios that can potentially occur. That’s why installing monitoring software is sometimes a life-saver. Monitoring the computer activities of your employees is useful for multiple reasons, the most important being that you can check whether they’re using the internet in a secure, responsible and knowledgeable way. There could be employees who still easily fall for all sorts of phishing scams or are unable to recognize obviously unsafe websites. You might want to offer them some additional training or simply limit their access. You can also benefit from this software in many other ways – you can find out who’s late for work, who the most productive members of the team are, what their daily routines are and how good their overall work ethic is.
Whichever kind of online business you’re running, there’s some software you can’t do without. You have to make sure this software is regularly updated. No software can be perfectly designed. Cyber criminals are always ready to take advantage of bugs and loopholes in software, and as soon as these are fixed by the software company, you need to get the newest and safest version. Enabling automatic updates is a good idea whenever it’s possible.
In general, having a BYOD (“bring your own device”) policy is a very bad idea if you want to maintain the security of your network. There are all sorts of ways this could go wrong, and if just one of your employees loses a device or downloads malware, your business is at risk. If you decide to go with it anyway, at least make sure you have a policy that requires people to use firewalls and regularly updated antivirus software on their laptops or smartphones. Limiting access to sensitive data from private devices is also advisable.
Believe it or not, 63 percent of data breaches are due to weak or stolen passwords. It may sound silly, but you have to explain to your employees that their passwords have to be strong enough and that they have to be changed regularly, every 30 or 90 days. Again, if you’re not convinced that your workers would properly follow this kind of policy, automating the password-change process is not a bad idea at all.
Being careless about enforcing these protocols can sometimes literally ruin your business. It’s not just about having rules and procedures your employees should follow; it’s about making them aware of the importance of these procedures. Only then can you count on them to use the network responsibly, thus minimizing the risk of any harmful incidents.