Smart cookie business owners are beginning to realize how important it is to make sure new employee training includes instruction on how to stay safe online at work. And by safe we mean developing a cybersecurity-oriented culture among all employees that emphasizes how critical it is to protect confidential company information and keep malware out of the network. Since you can’t wave a magic wand and instantly create employee interest in the topic, get ready to roll up your sleeves and put in some sweat equity towards understanding and addressing the risks.
The Biggest Security Risk
While your employees are undoubtedly the company’s biggest asset, they are also its weakest link when it comes to security awareness. According to the 2016 Cyber Security Awareness Index (IBM), 60 percent of network security breaches involved insiders. Even more troubling, three-quarters of that percentage were carried out with ill intent. The rest we can chalk up to simple (though sometimes damaging) mistakes. If this doesn’t make you want to take a good, hard look at securing your company’s cyber assets, probably nothing will.
It Only Takes One
An employee who decides to leak (or sell) a few passwords could spell doom for your operation. Whether it’s raw data, competitive information, or simply access to the network’s resources in order to launch scams at others, all it takes is a single bad actor with an axe to grind or who sees an opportunity to turn a profit on the Dark Web at the company’s expense.
Preventing password shenanigans requires a proactive mindset on the business owner’s part. First of all, make sure that security processes are the most stringent around the most important information. Be stingy about whom you grant high-level administrative access. For those who do get it, don’t be afraid to monitor their activities and even test them with fake exercises. Hurt feelings and paranoia are small potatoes! We’re talking about the continued life of your business here.
Foil the Crafty Hackers
The other major category of online security failures comes in the form of an employee who falls for a permutation of any of the phishing or spear phishing schemes. Whether it’s an email that appears to be from a trusted source or the inability to resist the temptation to believe that they just might actually have a wealthy Nigerian benefactor, you’ve got to train the urge to click on email links out of them. We could all learn something from the X-Files and trust no one. A single mindless click can open the floodgates to all kinds of heck ranging from identity theft to ransomware to keystroke logging to whatever apocalyptic network scenario you can envision.
Start ‘Em Off on the Right Foot
As alluded to already, the time to begin instilling an online security-minded attitude in employees is during training that occurs immediately after hiring. This should not be an afterthought but rather a robust presence that permeates the process and continues throughout their time at the company. Simply creating a security module to add onto the training is not enough. With so many employees accessing computer workstations and some sort of company network daily, security needs to be on their mind from the first login of the day to the last logout.
Don’t Forget Your AI Ally
For better or worse, we live in the Big Data Age. While some see it as the end of privacy, recent technological developments have emerged that merge artificial intelligence (AI) and huge pools of data to yield benefits for those concerned with cybersecurity. The approach hinges on the fact that humans are creatures of habit, and that extends to patterns in how we interact with technology. Deviations from these patterns (which might indicate a compromised system) would never draw the attention of human supervisors but can be pegged within minutes when AI lurks in the background.
Speaking of Technology
If you own a small business and still connect your company’s network through a plain, old internet connection, you’re asking for trouble, especially when Virtual Private Network (VPN) connections are available at such a modest cost. These “tunnels” run in conjunction with your ISP to encrypt data traveling in both directions between your computer and the internet. The low cost and high reward of adding a VPN service for peace of mind and increased privacy should not be underestimated. This is especially important when you are in Singapore.
The Bottom Line
The big takeaway from these musings is that fewer than half of the massive data breaches blasted across headlines involved an outside hacker. The enemy is within, and businesses of all sizes must come to grips with the reality that it’s not a faceless hacker to be feared but rather John from accounting.