The people in your business are the heart of your company’s security.
In this lesson, we’ll look at how you can help your employees protect your business, through training, resources, and a strong security culture.
When it comes to security training, make sure it’s regular, targeted and comprehensive.
Keep employees up to date on the latest company policies and guidance, as well as their own individual responsibilities. Tailor training for each role so employees learn about situations they’ll encounter in their specific jobs. Finally, make sure you cover how to spot a security problem, how to report it, and what to do if something goes wrong.
Let’s take a look at a couple of examples of training you could provide.
Setting strong passwords should be standard company practice. Remind your employees that it’s their responsibility to set a strong password for their corporate accounts.
Apart from making passwords difficult to guess, make sure everyone in your business uses a different password for each account or service, and NEVER uses the same passwords for personal and work accounts. Using different passwords means that even if someone figures out a password for one account, they can’t use it to access other accounts.
You should also make sure employees know they must never share passwords or accounts with each other.
A common security problem to be aware of is phishing.
Phishing is when someone tries to trick you into sharing personal information online. It’s typically done using email, ads, or sites designed to look like they come from legitimate businesses you already deal with.
For example, an employee might get an email that looks like it’s from his bank asking him to confirm his bank account number.
Remind your employees to be careful when clicking on email attachments, downloading files or visiting new URLs. Advise them not to click on links in unsolicited emails, and to look out for suspicious sender email addresses and email signatures.
There are other steps you can take to minimise the risk of successful phishing attacks, such as implementing 2-step verification.
In addition to training, ensure your employees have access to security-related policies, practices and guidance whenever they need them. For example, you could establish an internal website where security information and training course material are published so your employees can refresh their knowledge. It’s also worth publishing the contact details of a designated mailbox or security specialist who can answer questions or concerns.
Training and resources are a great start, but it’s just as important to make sure your company has a strong security culture. People working in a company with a strong security culture understand that everyone plays a role in the security of their business.
When you have a strong security culture, employees feel able to report concerns or mistakes without fear of blame. Instead of pointing fingers, you’ll focus on identifying and resolving problems quickly and efficiently, and then look at how to prevent similar problems happening again. Talk with employees regularly about security, encourage them to share any concerns honestly and directly, and ensure your company leadership are modeling good security behaviors.
When it comes to the security of your business, your employees are your first line of defence. Training them and providing them with the resources they need to help protect your business online will help to develop an overall culture that is more security focused.
Think about the security culture in your business. How can you improve your business's security culture, training and resources so that you and your employees are better prepared?
- examples of training topics, including password security and phishing
- the importance of providing employees access to training resources
- how nurturing a strong security culture can benefit your business