There is no question that security is very important to the success of your company. A study from Netwrix reported that 100% of government workers believed their employees were likely responsible for their security breaches. Nearly half (41%) said it was due to human error and not malicious intent. Shred-it reported that 84% of C-suites admit employee negligence is their biggest security risk for data breach or loss. It’s a big problem, and it’s definitely not something you want to ignore until you run into an issue.
86% of C-suites say the risk of a breach is higher when employees work remotely.
Yet businesses often fail to train employees on important security policies. Only 54% of C-suites say they are training their employees on safely using public Wi-Fi, and only 60% say they are teaching employees not to share company-issued electronic devices with family or friends. Small businesses reported even lower numbers, with only 25% admitting to training employees on most major security threats. Only 20% of small businesses had offered any training on rules for employees sharing devices with their family or friends.
Here are some of the most important security concerns you should be training employees to handle.
Good Password Practices
The National Institute of Standards and Technology (NIST) sets the widely accepted best practices for passwords and security standards. The recommendations for passwords include:
- 8-character minimum and 64-character max
- Change passwords only when there are signs of compromise
- Screen passwords against a maintained list of any compromised passwords
- Limit number of failed attempts
- Skip password hints or security questions
- Allow all ASCII characters as well as all Unicode characters (even emojis)
- Allow copy and paste functions for passwords (facilitating password managers)
- Do not require the unnecessary burden of character composition rules
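The password rules listed above, expressed as a check at password-change time plus a failed-attempt limiter. This is an added example, not code from NIST or from the original article; the constructed sample blocklist, the lockout threshold of 5, the NFKC normalization step and all function and class names are assumptions.

```python
import hashlib
import unicodedata

MIN_LEN, MAX_LEN = 8, 64      # length bounds from the list above
MAX_FAILED_ATTEMPTS = 5       # assumed threshold; the article gives no number

# Constructed sample blocklist. Digests are used for lookup only (maintained
# breach lists are commonly distributed this way), never for password storage.
COMPROMISED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest()
    for p in ("password", "12345678", "qwertyuiop", "letmein123")
}

def normalize(password: str) -> str:
    # Assumed step: normalize so visually equal Unicode input compares equal.
    return unicodedata.normalize("NFKC", password)

def check_new_password(password: str) -> list:
    """Return reasons for rejection; an empty list means accepted."""
    pw = normalize(password)
    problems = []
    # len() counts Unicode code points, not bytes, so non-ASCII is not penalized.
    if len(pw) < MIN_LEN:
        problems.append("too short")
    if len(pw) > MAX_LEN:
        problems.append("too long")
    if hashlib.sha1(pw.encode("utf-8")).hexdigest() in COMPROMISED_SHA1:
        problems.append("found in compromised-password list")
    # Deliberately no composition rules (no upper/digit/symbol requirements).
    return problems

class AttemptLimiter:
    """Per-account failed-login counter that locks at the threshold."""
    def __init__(self, limit: int = MAX_FAILED_ATTEMPTS):
        self.limit = limit
        self.failures = {}

    def is_locked(self, user: str) -> bool:
        return self.failures.get(user, 0) >= self.limit

    def record(self, user: str, success: bool) -> None:
        if success:
            self.failures.pop(user, None)   # a good login clears the count
        else:
            self.failures[user] = self.failures.get(user, 0) + 1
```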
Multi-factor authentication (MFA) is a huge asset to security, blocking more than 99% of automated cyber-attacks. It doesn’t require extra hardware and is typically offered through your tech and security vendors. Single sign-on (SSO) can help streamline authentication factors and improve security.
Customer Data Protection (GDPR)
The General Data Protection Regulation (GDPR) was established in the EU, but should have an effect on US businesses too. The regulation was put in place in 2018 and requires companies to provide individuals with more control over their personal data. The goal was to impact the care companies take in processing and storing data. You should have a policy in place that outlines what kind of data gets stored and how it is used. US companies often fail to audit their service providers and check third-party agreements to ensure compliance across the board.
Secure Network Connections
Wi-Fi can give cybercriminals and hackers a huge opportunity for a security breach. Multi-factor authentication should be required for all users to join a secure network within the workplace. You need to keep strange devices and computers away from your data and systems. Endpoint protection should be put in place for home users, and remote access should only be enabled for specific IP addresses (company devices) that your employees are using. Employees should never use unfamiliar Wi-Fi. Hackers sometimes set up rogue Wi-Fi networks to harvest data from unknowing victims.
Security Awareness Training and Protocols
Require your employees to participate in training for the specific type of equipment you offer. Different devices, software and hardware will all have different weaknesses or potential for security lapses. Something as simple as data on a flash drive could be a major breach of company or customer privacy if it was accidentally left in a café or dropped in a parking lot. An employee using a company laptop who clicks on an “urgent action required” phishing email link could accidentally bring the company a whole host of problems. Even posting a comment on the company’s social media account instead of a personal account can cause major waves. In video conference meetings, privacy issues can occur if you fail to make a meeting closed to the public or someone forgets their camera is on.
- Don’t assume your employees know the rules or “common sense” of technology.
- Define sensitive data
- Create a user policy for devices
- Establish a protocol for lost or stolen devices
- Implement device-specific training and usage rules
Choose the Right Structures
Most importantly, you need to choose the platforms and services that are committed to heightened security. Between your conferencing tools and your cloud vendor, your IT team should be carefully scouring plans to ensure vendors offer top-notch security. Once you have the right systems in place, make sure your employees are using the latest versions of those tools. Companies are working hard to respond to security concerns caused by pandemic hackers, so the updates have been frequent as they catch issues. Some companies even require annual or semi-annual device check-ins so the IT team can give everything a once-over. Your company will also want to respond with increased security, so it’s crucial that employees have the latest updates and patches for every tool, platform and device they use.
At Extended Office Solutions, we provide reliable and secure connections for your company’s customer service calls and collaborative meetings. Contact us today if you want to learn more about how our products can help your office improve communication, better utilize call data and beef up security.