This post was originally published here by Casey Pechan
External cyber threats are a constant concern for business organizations. They dedicate teams to try to stay one step ahead of the latest ransomware or virus at any given time. However, it can be easy to overlook one of the greatest risks to an organization’s security: employees.
While most organizations provide employees with an employee handbook on their start date, a security policy guidebook should be treated as just as important. Below, we spell out the top ways you can ensure that your organization stays secure – from the inside out. After all, an observant employee can be your best asset, while a careless one could become a compliance nightmare.
Not all passwords are created equal – A poorly designed password does little to protect intellectual property or data from attack. Make sure employees have passwords that are strong enough to actually withstand attempted breaches. An even stronger approach would be to use password manager software (like 1Password).
Software updates should be an immediate, mandatory requirement – Devices with a long list of updates in the queue are far more vulnerable to breaches and attacks. Requiring and reminding employees to regularly update laptops, phones and, especially, IoT devices will help keep you protected.
Establish a thorough security policy (and enforce it) – Take a look at your company’s employee security policy. Are employees required to pass a test based on this policy each year? Does the security policy cover safe device use, including laptops, IoT products, and phones? Does the policy cover safe printer use, and when or how employees should notify the right personnel of an intruder?
Device restrictions – Setting up device restrictions and enterprise mobility management systems is an important way to secure company property against dangerous downloads and other beasts lurking on the great wide web.
Security over productivity – Employees have reported being willing to cut corners on security in order to improve their productivity. While the sentiment comes from a good place, creating a culture that applauds efficiency above all leaves far too much room for risk.
Educate as a team – Don’t leave security to the IT professionals in your office. Creating a culture of teamwork where security extends beyond the mandatory training and ingrains itself into workplace culture – from interns to execs – will save headaches in the long run.
Beware of the little black book – Former employees can be a security risk if they’re allowed to leave with intellectual property. And in fact, many employees believe that it’s perfectly all right to walk away with documents and more. Make sure employees are aware of what is and isn’t acceptable to take upon exit.
Don’t leave a paper trail – Carelessly leaving paperwork on a printer is a great way to unwittingly share confidential documents. Make sure employees are aware that even when working in an office of their peers, their actions can pose a security risk.
It may seem obvious, but no tailgating – It’s essential that employees understand why it could be unsafe to hold the door open for others without knowing if they have a keycard. It seems standard, but the urge to be polite can lend itself to dangerous situations!
BYOD doesn’t mean handle your own security – If an employee chooses to use their own phone or laptop as their work device for the sake of convenience, be sure to have a backup plan in case the device is lost or stolen. Encryption and remote programming aren’t optional – they’re necessities.