Five Tips for Cybersecurity in your Workplace
Whether intentional or not, the weakest link in the cybersecurity chain is often one of your own co-workers or employees. While intentional, “inside job” data breaches and attacks are certainly an ongoing problem, the culprit in too many instances is actually an accidental breach that stems from less-than-safe tech behaviors.
That’s why it’s important to make sure everyone on the team knows the threat, knows the policy that will help minimize the danger, and understands that those rules are to be followed without question. Here are five helpful measures to incorporate in your workplace to mitigate the threat of accidental cybersecurity breaches:
- Policy – It’s hard to know when you’re violating the company’s computer use policy if your company doesn’t even have one. Unfortunately, without a computer policy in place and widely shared, not only is your company in danger of a cybersecurity breach, but employees are in danger of breaking an “unspoken rule” that could have consequences for their jobs. Your company’s computer use policy needs to address the acceptable and unacceptable uses—for example, some companies are fine with employees using their work computers for personal business, so long as it’s done at lunch—as well as outline the reporting of incidents and issues.
- Reporting and consequences – A lot of cybersecurity issues start out small, but they can quickly escalate until your entire network is affected. Unfortunately, if the computer policy doesn’t allow for honest reporting without dire consequences, it can be tempting to keep quiet if something goes wrong. The policy should factor in the ability to report a problem so that it can be cleared up quickly.
- Updating – You’ve probably seen pop up notices to update your antivirus or your browser, so it’s important to make updating your tech and software a part of the computer policy. But more importantly, you have to make sure that updating the policy itself is a regular habit. New threats and attacks crop up every day, so without an up-to-date policy manual and training on the latest forms of cybersecurity dangers, your company is only as safe as the old version of the manual.
- Talk about it…often – A cybersecurity presentation is not a set-it-and-forget-it solution. Your team members may change, new dangers may crop up, new technology may be bought for your company. A once-a-year talk at an employee meeting is not sufficient to keep your company’s employees aware of the danger and thinking of security. Make sure that sharing news of the latest threat—and how your company is supposed to respond to it—is an ongoing conversation.
- It all starts at the top – When a mandate for a computer policy or a cybersecurity meeting comes down from higher ups, it’s easy to forget that the people at the top are just as likely to cause a cybersecurity breach as those at the bottom. There’s no reason to assume the managers or executives can’t be guilty of clicking on a link in an unknown email, or accidentally handing over access to a database of sensitive information. When the company talks about cybersecurity, it’s important that everyone—from the CEO to the janitor—understands the dangers and knows how the company’s technology is supposed to be used.
Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.