You’ve probably seen movies in which a spy moves silently through the dead of night, slipping through security cameras and laser beams to slide a USB flash drive into a computer in the center of a fortress. It’d be so much easier for companies to protect their data and customers if all they needed to do was invest in defending one computer from some caper, but IT security is far more often a semi-clever attack targeting your employees or partners through social espionage or cyberattacks.
The best encryption and a brilliant security team are extremely valuable to any company. However, developing training and protocols to empower EVERYONE who works at your company is mandatory to manage the very real security risks.
Everyone, really?
Yes, everyone is needed to protect data. Security breaches can often seem like no big deal until it’s too late. The angry, urgent call demanding that an administrative assistant provide the information on a printer is all that’s needed to get into a network without notice. Given enough time, the hacker can use the point of entry from the printer to work deeper into the network. Or someone coming into work might find a USB drive in the parking lot, put it in their computer to see if they can return it to the rightful owner, and end up infecting the whole network with a virus. If a company is interested in protecting its data, it’ll empower all its employees to protect the company.
Okay, fine—but how?
We’re so glad you asked. There are several things a company can do to empower its staff. Here are our top ten tips:
- Communicate with your staff about their responsibilities, accountability, and authority in their position. Empower all employees to act like owners over their space, data, and jobs.
- Provide organizational data to your staff. It’s important, especially in larger companies, that staff can see who works at their organization and who their bosses are. That way, staff members can verify requests and questions before giving out information.
- Trust your gut. Tell staff that if something seems weird, they should report it immediately. Situations that arise where an employee feels unnecessarily pressured or has someone new asking for something unusual can be flags indicating that someone is trying to get information they shouldn’t have. Encourage employees to trust their judgment.
- Create security protocols, share them with staff, and publish them somewhere accessible to everyone at your company. These protocols should have clear paths for each staff member to stop a possible attack and escalate the issue. In tech departments, this can be a challenge. No one ever wants the network to go down but trusting a tech to pause service and escalate to the security team is much better than losing banking or personal information.
- Train and test your staff. Provide information on ways they can take ownership in protecting the company. Have your security team run white hat challenges to see if retraining is needed to empower all employees to protect company data.
- If possible, provide corporate devices for employee work. A separate work phone keeps the network more secure and not subject to the emails and applications staff put on their personal devices.
- Teach and practice good technology management by keeping browsers updated and patching networks for known issues.
- Have a security team on hand or work with a security firm to assess and troubleshoot your current network setup.
- Encourage staff to be thoughtful about the email attachments they open or the links they follow from email.
- Practice like a breach is inevitable. This is one area where defense is the best offense.
There isn’t much a company can do to prevent attacks, but there is a lot a company can do to empower its most valuable resource—its people. When we work as a team to secure the company, we can stop attacks or respond faster with better outcomes.