SME survival guide: How to keep your employees safe online
As a business owner, keeping your employees safe online sounds like it should be easy, but with the increasingly sophisticated hacking tactics of cyber-criminals, this sadly isn’t the truth – in most cases at least.
Despite the majority of threats originating from outside an organisation, all too often actual cyber-security incidents emerge due to the actions of someone much closer to the office – an employee.
There’s no hiding from the fact that 2018 was replete with cyber-attacks and data theft – with at least one breach appearing in the news each month, and it’s important to be aware that sadly, this trend is likely to continue in a similar vein throughout 2019.
In fact, it was only last week that one of the biggest data breaches in history was recorded – with 772 million email addresses and 22 million passwords having been leaked at once. So, how can SMEs ensure their staff – and systems – remain safe? Well, if you’re unsure, the following tips are a useful place to start…
Education is key
Forget the saying that “ignorance is bliss”, because when it comes to IT, it isn’t. To greatly reduce your SME’s risk of falling victim to cyber-criminals, it’s your job to ensure that your colleagues know about the threats that are out there.
As well as having up-to-date cyber-security measures in place, holding regular refresher sessions with your team – which recap cyber-security and use real-world examples of attacks on businesses – is one of the most efficient and successful ways to build a strong resistance to cyber-threats. It’s only by contextualising threats and their consequences on a frequent basis that staff will truly understand the part they play in the bigger security picture.
Informative Q&A sessions are an effective way of engaging your employees, but this alone isn’t enough. Training courses are another branch of awareness which should be explored by SMEs looking to effectively safeguard their people and their computers against external threats, such as fake URLs, phishing emails and other spam correspondence.
We’ve all heard that passwords need to be a mix of lower and upper-case letters, numbers and symbols, to be less susceptible to hackers – but how many of your employees actually adhere to this guidance?
As a rule of thumb, passwords should be long – at least 10 characters – and they shouldn’t contain common words or phrases found in the dictionary. That means the old favourite ‘password 123’ is a no-go. To ensure employees take this seriously, your SME needs to have a strict password policy in place, as this is an easy-to-implement measure against unauthorised users gaining access to your company’s critical data.
Another useful way of keeping your passwords out of the grasp of cyber-thieves is to set an auto-reset reminder once every month or two. Employees who regularly change their credentials leave hackers less time to access systems, and given that 80% of all cyber-attacks involve a weak or stolen password, this is key! It’s also a good idea not to use the same password across multiple sites, as reuse increases your data’s vulnerability.
In the age of flexible working, not all employees will be stationed at a desk five days a week, so it’s pivotal that all devices – mobile phones, laptops, tablets etc. – have the relevant protection measures.
Where possible, it’s best to avoid free, public Wi-Fi hotspots, because they don’t guarantee a safe connection. A much better and more secure alternative is to use a Virtual Private Network (VPN). A VPN provides an encrypted connection between your company network and the remote worker’s device, wherever they are situated. Because the traffic travels through this encrypted tunnel, third parties on the same network cannot read it, which adds an extra layer of protection when your employees are out and about.
As well as the measures outlined above, ensuring someone is monitoring your systems at all times is a sure-fire way to keep on top of any cases of unauthorised access – nipping them in the bud before they have a chance to escalate into a damaging breach.