Risk & Business Magazine General Insurance Service Fall 2022 | Page 29

CYBERSECURITY issues. An appropriate assessment will let you know the potential cost of an attack and assist in ranking the most important issues to resolve.
ANOTHER IMPORTANT ASPECT OF CYBERSECURITY IS EMPLOYEE TRAINING.
Empowering your employees to recognize common cyber threats can be beneficial to your organization’s computer security. Security awareness training teaches employees to understand vulnerabilities and threats to your business operations. Your employees need to be aware of their responsibilities and accountabilities when using a computer on a business network.
New-hire training and regularly scheduled updated training programs should be established in order to instill a culture of security into your organization.
Employee training should include, but not be limited to, the following:
DOCUMENT MANAGEMENT AND NOTIFICATION PROCEDURES
Employees should be educated on all your data incident reporting procedures in the event an employee’s computer becomes infected by a virus or is operated outside its norm (e.g., unexplained errors, running slowly, etc.). They should be trained to recognize a legitimate warning message or alert. In such cases, employees should immediately report the incident so your IT team can be engaged to mitigate and investigate the threat.
SECURE PASSWORDS
Train your employees on how to select safe and secure passwords. The old suggestion of extremely complicated passwords that you update every couple of months is actually unhelpful and has led to many employees using easier-to-guess passwords with minor changes in order to remember them.
The best suggestion for secure passwords is to use phrases that the employee can easily remember, but long enough that a computer would take forever to brute force. This can be as simple as taking 4 words and changing some of the letters. Elephant, Waffle, Pirate, Globe becomes eleph@ntwaffl3p!rategl0be. Very secure and near impossible for outside forces to brute force or guess.
BEING RESPONSIBLE FOR COMPANY DATA
Continually emphasize the critical nature of data security and the responsibility of each employee to protect company data. You and your employees have legal and regulatory obligations to respect and protect the privacy of information and its integrity and confidentiality.
UNAUTHORIZED SOFTWARE
Warn your employees that they are not permitted to install unlicensed software on any company computer. Unlicensed software downloads could make your company susceptible to malicious software that can attack and corrupt your company data.
INTERNET BROWSING
Make your employees aware of emailed or online links that are suspicious or from unknown sources. Such links can release malware, infect computers, and steal company data. Your company also should establish safe browsing rules.
EMAIL
Utilizing your email responsibly is the best defense for preventing data theft. Incorporate multi-factor authentication and never open suspicious email. Employees should be aware of scams and not respond to email they do not recognize. Educate your employees to only accept email that:
• Comes from someone they know or recognize.
• Is something they were expecting.
• Does not look odd with poor spellings or strange characters.
• Passes your anti-virus program test.
WATCH OUT FOR SOCIAL ENGINEERING AND PHISHING
Train your employees to recognize common cybercrime and information security risks. This includes online fraud, social engineering, phishing, and web-browsing risks.
SOCIAL MEDIA POLICY
Educate your employees on the use of social media and online communication. They should receive training and guidance on the use of a company email address to register, post, or receive social media.
PROTECTING COMPUTER RESOURCES
Your employees should know the ins and outs of safeguarding their computers from theft by locking them or keeping them in a secure place. Moreover, critical information should be backed up routinely, with backup copies being kept in a secure location. All of your employees are responsible for accepting current virus protection software updates on company PCs.
MOBILE DEVICES
Communicate your mobile device policy to your employees for company-owned and personally owned devices used during the course of business.
Ultimately, there is no silver bullet for either preventing or recovering from an attack, but with an individual assessment for your business, you are able to build the policy that’s specific to you, and that’s the best place to start.
A graduate of Butler University in 2010, Scott Templin moved to Northwest Indiana when his wife had the opportunity to return to the family farm in Westville. In his free time, Scott loves sports, cats, board games, and spending time with his wife and son.