3 Ways to Create a Cyber Security Culture in Your Workplace
Today’s workplace is more concerned with online attacks than ever before. As hackers launch cyber-terrorist attacks against businesses of all sizes, everyone from the customer to the CEO is concerned for the safety of their information. Some of these hackers do nothing more than break into a system, vandalize webpages, and cause other kinds of chaos, but many are looking for credit cards and other information they can use to make money. Both types of attacks damage your reputation and can result in hours of additional work for your team.
The solution isn’t just to create stronger security for your network. It’s to create a workplace culture that understands, prizes, and implements computer network security protocols on a regular basis. Creating this culture involves starting with a strong foundation and building up while making certain your team is there with you.
- Don’t Forget the Basics
Many businesses look to the latest in security tricks, programs, and concepts as the only things that can protect them. However, in doing so, they often forget many of the basics. Following some of the basic security methods can actually stop most attacks, especially those carried out by amateurs who aren’t serious hackers. These basic security protocols are often very easy and very affordable to follow, too, so your business doesn’t have to spend a lot of money to protect itself. Here are some of these simple yet powerful methods of defending your network.
Use Strong Passwords – Strong passwords are the first line of defense against a cyber attack that would turn your own users against you. Your employees must understand that asking them to create long passwords that use a mixture of letters, numbers, capital letters, and special characters isn’t just because you want to make them remember something difficult. These passwords can often be the only thing that keeps someone from breaking into a user’s account and doing anything they want with the data found there and the access that account has.
Patch and Update Regularly – Software isn’t perfect. In fact, most software has a few glitches in it, even software that has been on the market for years. Sometimes, these glitches aren’t really noticeable and don’t affect the overall operation of the programs. Other times, these issues open up your system to attacks by creating vulnerabilities that can be exploited. Keep all of your software, especially programs such as your antivirus scanner and your firewall, patched and up-to-date. If a company says a patch addresses a security issue, make sure to install it right away.
Know Your Norms – What does your system look like when everything’s normal? If you don’t know, then you can’t really know when something has affected your network. You need a baseline image of what everything looks like before you encounter any issues, so you have something to compare against when you suspect a cyber security breach.
Limit Access – Most employees only need access to a small amount of your overall computer network, so why give them access to everything? By limiting access, you protect your more sensitive data since only those who truly need to access it can. This way, even if an employee account is hacked due to a weak password, chances are the hacker can’t get much information because the account’s access is limited.
Inventory Your System and Monitor It – Take an inventory of the programs and other resources on your network and update that inventory when you add or remove anything from your system. This way, you know what programs should be there and can more easily spot something that doesn’t belong.
Once your system is inventoried, add real-time intrusion detection software such as Snort to it. This program will monitor your network and alert you to anything suspicious, including users trying to access files they have no business trying to open. Using Snort will help keep your network safe even when you’re not actively watching it, such as during the evening and early mornings.
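To illustrate the baseline and inventory advice above, here is an added example (not part of the original article) that compares a current software inventory against an approved baseline and reports what was added, removed, or changed. The CSV layout, package names, and versions are constructed sample data.

```python
"""Compare a current software inventory against an approved baseline."""
import csv
import io

# Constructed sample data: the approved baseline and a later snapshot.
BASELINE_CSV = """name,version
openssh-server,9.6
nginx,1.24.0
postgresql,15.4
snort,3.1.74
"""
CURRENT_CSV = """name,version
openssh-server,9.6
nginx,1.25.3
snort,3.1.74
ncat,7.94
"""

def load_inventory(text):
    """Parse 'name,version' CSV text into a {name: version} dict."""
    reader = csv.DictReader(io.StringIO(text))
    return {row["name"].strip().lower(): row["version"].strip()
            for row in reader}

def diff_inventory(baseline, current):
    """Return what differs between the baseline and the current snapshot."""
    base_names, cur_names = set(baseline), set(current)
    return {
        # Present now but never approved: investigate first.
        "unexpected": sorted(cur_names - base_names),
        # Approved but gone: removed on purpose, or tampered with?
        "missing": sorted(base_names - cur_names),
        # Same program, different version: patch or unauthorized change?
        "changed": sorted((n, baseline[n], current[n])
                          for n in base_names & cur_names
                          if baseline[n] != current[n]),
    }

def format_report(diff):
    """Turn the diff into one human-readable line per finding."""
    lines = [f"UNEXPECTED {n}" for n in diff["unexpected"]]
    lines += [f"MISSING    {n}" for n in diff["missing"]]
    lines += [f"CHANGED    {n}: {old} -> {new}"
              for n, old, new in diff["changed"]]
    return lines

if __name__ == "__main__":
    result = diff_inventory(load_inventory(BASELINE_CSV),
                            load_inventory(CURRENT_CSV))
    print("\n".join(format_report(result)))
```

Once a change has been reviewed and approved, update the baseline so the next comparison only surfaces new differences.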
- Train Your Employees
Your network security is only as strong as your least-trained employee. That’s because employees often leave doors open to hackers and others who want to infiltrate your network. But it’s not always the employee’s fault. If they were never trained in good security techniques, how can they be expected to know that they shouldn’t open email attachments from senders they don’t know or that they shouldn’t use a simple password?
Training is especially important in today’s BYOD culture where employees often bring smartphones, laptops, tablets, and flash drives to work and connect them to the office network. You have no control over the security on these devices, so they could be riddled with viruses and malware. Teaching employees how to protect their own computers not only helps them keep their systems clean, it also protects you.
There are a number of ways you can train your employees on good network security protocols. All new employees should go through computer security training so they know the basics. You can reinforce this training regularly by including monthly security tips in your internal newsletter or in emails. Having refresher courses annually may also be a good idea, especially if you’ve had some employees become lax in following network rules.
- Encourage Leadership to be Role Models
If your senior leadership takes your online business security seriously, everyone else will, too. However, they have to be seen as leaders in this area, which means they have to follow all of the rules as well. Some senior executives may feel as if the rules don’t apply to them, so they’ll use weaker passwords or leave their computers unlocked while they’re out of the office. Executives often have more access to the system than other users, so having one of their accounts compromised can be disastrous.
Behavior like this doesn’t encourage anyone else to be vigilant about their computer security. If your top-level managers don’t follow the rules, why would anyone else? Make certain training starts at the top and that everyone, from the CEO down, follows your security protocols.