Although not every person on your team needs to be an IT expert, it’s become increasingly important for every employee to become cybersecurity-conscious. This involves companies training employees on how to recognize common threats and vulnerabilities in the company’s computer network, along with how to be accountable when they use the network.
Travelers.com lists several topics that are appropriate for employee trainings, both for new staff members and as refreshers for the entire team. These include how each employee has a legal obligation to protect the confidentiality of data gathered by the company. Each person should also know how to respond if his or her computer becomes infected by a virus, displays error messages, runs sluggishly or is otherwise problematic. The earlier your IT team is made aware of a potential threat, the more effectively they can respond.
Employees must choose strong passwords and change them according to a well-thought-out company policy. Let them know what software they are or are not allowed to install on company computers, and provide them with guidelines on which links should not be clicked in emails, on social media sites and elsewhere online.
If an employee does click on a potentially problematic link, SearchSecurity.TechTarget.com provides an overview of how your company should respond. After the employee notifies the appropriate person on the IT team, your IT specialists will need to determine if your network was indeed compromised. Is any unauthorized activity noted on the network, post-click?
Also “review the malicious link itself on a lab machine to test the fundability of what occurs after being clicked.” The article shares ways to test on a segmented lab machine to gather relevant information while protecting the integrity of your network from further harm.
Once the immediate problem is addressed, be sure to determine if any additional policies and/or technologies are needed to protect the network from phishing attacks. What else, if anything, should your employees be taught to proactively protect the company against cybersecurity threats?
The Business of Federal Technology site offers more advice on employee training, calling the changing of user behavior “one of the hardest tasks in IT security . . . For instance, firewalls won’t prevent an employee from stowing passwords under a mouse pad.”
The first tip offered in the article is to make employee training simple and routine. For example, the Millennium Challenge Corp. has its employees take a daily quiz from an application developed by the U.S. Agency for International Development. They monitor the degree of an employee’s security knowledge by tracking scores and summarizing them in a monthly performance report. Employees also receive a tip of the day to provide training information in easily digestible chunks.
Consider creating a vulnerability assessment team that measures what employees actually do, rather than just what they know as evidenced by quiz scores. The same person who scores well on a quiz may put his or her password on a sticky note on a computer monitor. This article contains significantly more information that you might want to read, and ends with this statement: “there is no silver bullet when it comes to cybersecurity, so a layered approach works best — one that relies on training and automated security solutions.”
People who purposely initiate malicious online activity never rest, so you need to have the ability to respond 24/7/365. Consider commissioning a network security audit. When you choose Vidius Solutions IT for your network security solutions, you are partnering with experienced professionals who can provide comprehensive network management services following IT best practices.
With Vidius Solutions IT, you can have peace of mind, thanks to our remote, dedicated data centers with disaster-protection safeguards and backup redundancy. Contact us today to discuss how we can help or call 800.518.8230.