One of the best ways to increase the security of your business network is to help your employees understand why cyber security matters. Most employees want to help your business succeed. But just as they need to know what your primary growth goals are, they need to know what actions might put your network at risk.
I recommend a staff meeting this month on cyber security since there is media attention about National Cyber Security Month. Your employees may already be thinking about cyber security. To jump start your meeting, here is a draft agenda:
The Risk– over 50% of small businesses will be hacked this year
Even with a well secured network, there are risks. Share some examples of other small businesses you know that were hacked.
1st Line of Defense – Every Employee
If everyone focuses on cyber safe practices, the risks are reduced. Technical tools are part of the solution, but people make the difference. Ask for ideas from your employees.
Social Media at Work – Why not
Social media data (emails, passwords, personal information) is the hottest product in the cyber-crime black market. This data is now more profitable to hackers than credit cards. Chat about examples of information staff have seen personally that they think should not be shared on social media.
Don’t Go Phishing
Sophisticated and simple phishing scams are very common. The hacker may send you an “unpaid invoice” email with malware attached or he may send a highly targeted email about a favorite charity. Look closely at emails before opening them. Share stories to get the attention of others. Do an internet search for “phishing quiz” and ask your employees to decide which examples are real emails or phishes.
Social Engineering Targets
Hackers will try to con employees into sharing information about other employees or the business by creative means. They may chat with their target at Starbucks, in the parking lot, or appear as a repair person. It is ok to talk to strangers, but employees need to be wary when a stranger asks questions that are too specific or don’t seem appropriate. Do a quick role play of a social engineer and an employee.
Internet of Things Include USBs, iPods and Tablets
No one should use the USB drive that a stranger casually gave them or was found in the parking lot. Chances are it has malware imbedded. Anything that can be attached directly to the company’s network should be screened for malware before attaching. Malware can be on a phone app, on a monitoring device, or an electronic toy. Do “show and tell” with a few examples of things that can be attached to an office desktop.
Wrap Up – Why They Are The Best Staff Ever