At the end of 2015, CNN reported that cybercrime costs the average American company $15 million a year. There are a number of reasons why cybercrime is on the rise. For example, some large and mid-sized businesses don’t take advantage of all the security measures at their disposal. Small business owners tend to think that they won’t be the target of an attack—a mistake, since 43% of all cyberattacks are against small businesses. While not every CEO or manager is familiar with the newest technologies, they all understand the need to keep employees and company information safe. Due to the highly technical nature of the crimes, it would be easy to think that the IT department can manage all safety risks. However, there are some fairly simple and straight-forward ways for everyone at a company to be involved with security.
Lead the Way
First of all, the company owner and managers should show a commitment to protecting company and employee information. One way to do this is to allow the IT manager to do a very thorough examination of the network and make recommendations to improve its security. Second, encourage a workplace environment where people can ask questions about technology without feeling silly—there is no stupid computer security question. Finally, you should assume that your company and its information are targets for hackers. This mindset will allow you to see your business in a new light—and help you take steps to protect it.
A Meeting of Minds
Your technology workers are part of your company’s strength, and they can be used to help promote a workplace environment that practices cyber safety. Schedule brief meetings where the technology workers choose one security issue at the company and explain how everyone can help with the issue. For example, one way for cyber thieves to get into a company’s computers is by “dropping” a flash drive in a company’s lobby or entryway. An employee usually picks it up and inserts it into a company computer to see what is on the device—and that is when the malicious software on it is given access to the company network. One solution would be to have all “found” devices turned in to the IT department for identification.
Strength in Numbers (and Letters)
You may already be familiar with the idea that employees should change their passwords regularly. However, research from the FTC has shown that this may not be a good idea—and can actually result in weaker passwords. However, a better idea would be to have a strong password in the first place. The strongest passwords are usually more than 8 characters long and do not include common words. One approach to strong passwords involves creating a password out of the first letters of a sentence with some numbers. For example, Yogi Berra’s famous line “It ain’t over till it’s over” would become “IAOTIO”. Adding a few numbers (such as the current date or birthday) before or after this would create the password “9022016IAOTIO” (an easy way to remember this password would be to think that the password was created on September 2, 2016 and “It ain’t over till it’s over”). There are many other ways to create passwords.
Don’t Touch That File
By now, most people are familiar with at least some email scams. For example, there are unsolicited emails that pop up in your in-box that promise fabulous wealth. There are also emails that seem to come from reputable companies that ask for information, as well as missives that contain a link or file to click on. A good email filter can get rid of some of these, but educating employees can help. For example, employees should be reminded to never click on a link in an email from an unknown sender. Also encourage employees to report emails that ask for financial, corporate, or personal information that seem to come from real businesses. Unless the employee knows the sender, he or she should never click on a link or download a file from an email message.
Much can be said about protecting company and employee information; the US Computer Emergency Readiness Team (US CERT) offers many more resources and insights. The most important part of protecting your business is to admit that your company is a possible target for criminals and then plan on how to thwart their efforts with your existing resources. By making your workplace a safe place to ask security questions, encouraging communication between technical and non-technical employees, helping employees create strong passwords, and reminding everyone to be wary of their in-box, company owners can begin to make their workplace more secure.