Security Checklists for Employees: Awareness Can Save You from a Breach
Your company might use iron-clad network protection and implement encryption across the board. However, your data and systems are still at risk of a cyberattack if you aren’t focusing on employee awareness. This risk exists because employees are behind a significant chunk of data breach incidents. Following security checklists for employees can help to raise awareness and ensure your company is protected.
Human Error Is a Major Cybersecurity Weak Point for Businesses
Employee negligence is a major cybersecurity issue for businesses of all sizes. Shred-It’s Ninth Annual Data Protection Report revealed that human error continues to be the driver of most data breaches. Fifty-three percent of C-suite executives cite external human error or accidental loss as primary problems. Twenty-eight percent of small business owners feel the same way. In the report, Ann Nickolas, Senior Vice President of Stericycle, says, “For the second consecutive year, employee negligence and collaboration with external vendors continues to threaten the information security of US businesses.”
A data breach can have severe consequences when you add up reputational damage and lost revenue. Employee retention can be a problem as well – 33 percent of respondents in the Shred-It survey stated that they are likely to seek employment elsewhere after their employer experiences a data breach. That goes for breaches of both consumer and employee data.
According to the 2020 Cost of a Data Breach report published by IBM and the Ponemon Institute, the average cost of each lost record is $146. As losing thousands of records during a breach is common, shoring up your employees’ cybersecurity habits is well worth the effort.
Use this security checklist for in-office and remote employees to figure out what steps your company can take to reduce the risk of a breach.
1. Train employees to recognize phishing emails
Email phishing attacks are common. With this type of cyberattack, a hacker sends an email that appears legitimate and asks the recipient to share information or download a file.
To protect against phishing emails, it’s important to use advanced email protection, which will help to weed out spoofed emails and other external threats. Also, make sure all of your employees understand what a phishing email looks like, what the risks are if they fall for one, and what they should do if they spot a message they think might be a phishing attempt.
2. Remind them to change their passwords regularly
Changing passwords regularly is an effective way to prevent data breaches, but few people remember to update theirs. To help your employees, send out a reminder email periodically, such as once every three months, telling them to change their passwords on all devices and system logins.
Use this email to go over password creation best practices, such as not using birth dates or other personal information and creating long passwords with a variety of characters.
3. Recommend two-factor authentication
With two-factor authentication, even if a hacker steals an employee’s password, they will still be locked out of the device or system. This is how it works: an employee uses a password plus a second identifier, such as biometric data or a code sent to their email or phone number. Since a hacker can’t steal biometric data and is unlikely to hold both someone’s device and their password, their chances of breaking in drop to nearly zero.
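The two-step login described above, as an added example that is not from the original article: the password is checked first, and only then is a short-lived, single-use code issued for delivery to the employee’s device. The class name, the 300-second code lifetime and the returned status strings are assumptions made for this illustration.

```python
# Added example (not from the original article): a minimal model of the two-step
# login the checklist describes. Names and the 300-second lifetime are assumptions.
import hashlib
import hmac
import secrets
import time

CODE_LIFETIME_SECONDS = 300  # assumed policy: a delivered code is valid for five minutes


class TwoFactorLogin:
    """Password check followed by a single-use code delivered out of band."""

    def __init__(self):
        self._users = {}    # username -> (salt, password hash)
        self._pending = {}  # username -> (code, expiry time)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._hash(password, salt))

    def start_login(self, username, password, now=None):
        """Step 1: verify the password. Only on success is a code issued; the returned
        code stands in for the SMS/email delivery to the employee's own device."""
        now = time.time() if now is None else now
        record = self._users.get(username)
        if record is None:
            return "bad_password", None
        salt, stored = record
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return "bad_password", None
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[username] = (code, now + CODE_LIFETIME_SECONDS)
        return "code_sent", code

    def finish_login(self, username, code, now=None):
        """Step 2: the code must match and be unexpired. It is consumed on the first
        attempt, matching or not, so a stolen password alone buys one guess in a million."""
        now = time.time() if now is None else now
        pending = self._pending.pop(username, None)
        if pending is None:
            return "no_pending_login"
        expected, expires_at = pending
        if now > expires_at:
            return "code_expired"
        if not hmac.compare_digest(expected.encode(), code.encode()):
            return "bad_code"
        return "ok"
```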
4. Establish a data breach policy
What an employee does after a suspected data breach will determine how quickly your business recovers. If they don’t act quickly by alerting your IT team, a hacker may have enough time to infiltrate your systems and do extensive damage. With a fast response, it’s possible to lock down your network and mitigate the risks.
Tell your employees who they should contact if they notice a suspicious email, receive a security alert, have a device stolen, or believe something is amiss with your company’s networks. Also, let them know they won’t be reprimanded if they fall victim to an attack. Employees should know they have their employer’s support. Otherwise, some people may not speak up when there’s a problem.
5. Discuss mobile device usage
If employees are using their smartphone or another personal device for work, teach them how to use their devices securely.
- Always install the latest updates to ensure they’re using the newest operating system. These updates often include critical security fixes.
- If your company isn’t using a virtual private network (VPN), employees need to be very careful about what network they use when accessing business apps remotely. Only log on when using a secure network. They shouldn’t ever use public networks such as those found in coffee shops and airports.
- Practice good flash drive hygiene – only use company-issued drives. Once one leaves the office, it should be wiped clean or discarded upon return.
Make Cybersecurity a Part of Your Work Culture
Following cybersecurity best practices such as using two-factor authentication, avoiding suspicious emails, and changing passwords regularly can go a long way toward protecting against an attack. But if cybersecurity isn’t a part of your work culture, it’s easy for these best practices to be forgotten.
Cultivate a cybersecurity-aware culture by openly talking about risks, updating your employees about new best practices, providing training for new employees, and refreshing knowledge with regular internal messaging such as company-wide emails or training meetings.
The effort is well worth it. To learn more, read our eBook, Preventing Insider Risks: A best practices guide.