Tuesday, June 19, 2018

5 Things Employers Can Do to Improve their Cybersecurity

As the Clinton Campaign, Sony, and thousands of other organizations have found out the hard way, hacking has become a major problem. Attacks from hackers can be devastating, and employers are shelling out vast sums of money on cybersecurity. While these expenses might be worthwhile, here are 5 inexpensive things that employers can do to protect the security of their information:

Train Employees to Recognize and Not Fall Victim to Phishing Scams
Phishing is the attempt by hackers to obtain sensitive information like usernames, passwords, credit card info, etc. by sending an email that looks to be legitimate. The email directs the user to enter his or her information into a website, which the hacker can access and then exploit. Employees should exercise extreme caution opening emails that come from someone whom they do not know, never respond to an email that looks odd and that has unusual spellings and characters, or that does not pass an anti-virus program. Employees should only enter sensitive information into websites they know to be secure.

No Weak Passwords
Employees should have training on password security so that they understand the difference between strong and weak passwords. Strong passwords should not be easy to guess, and should contain multiple types of characters. Passwords should not be shared with the entire company—only the user and perhaps an IT professional should know what the password is. Also, passwords should be changed every few years at least.

No Downloading Unauthorized Software
Only IT professionals should be permitted to download software. Downloading malicious software is one of the primary ways in which a company’s cybersecurity can be breached. Make it known to your employees that they are not permitted to download software unless specifically authorized by an IT professional.

Alert Employees About Cybersecurity Incidents
If there is a breach of your cybersecurity system, let your employees know. Issue instructions about how to respond, and, if necessary, consider alerting the press. A lack of transparency may increase the damage caused by a cybersecurity incident, so employers should be forthcoming when such an incident occurs.

Create a Cybersecurity Policy, and Have Regular Training on It
Studies have found that only 36% of companies have cybersecurity policies. When considering the enormous damage that can be done by a cybersecurity breach, I believe that every employer should have such a policy in place. This policy should not only discuss ways to ensure cybersecurity, but should also discuss what should be done in the event of an emergency, like when, for example, an employee downloads malware. Such a policy should also reward employees who abide by it and hold those accountable who do not.

However, a cybersecurity policy is pretty useless if your employees do not know about it. Have regular cybersecurity training to discuss your policy and address any cybersecurity concerns your employees may have.