As online threats continue to make headlines, one thing 2020 has shown is that the primary target of bad guys is increasingly people. This makes sense—why spend all that time trying to hack past security systems when it is generally easier to trick someone into letting you in?
Think of it like a car alarm: the best system in the world becomes ineffective if the keys are left lying on the hood. Human behaviors are both the greatest line of defense against cyber incidents and the greatest risk. That’s why a crucial component of an effective security program is an informed, motivated and equipped workforce.
Employees of any company can help ensure the integrity of their company’s networks and systems in many ways. Some of those include:
- Think before you click. Never click unsolicited links or open unsolicited attachments in emails or text messages. If a message seems too good to be true, creates a strong sense of urgency or somehow plays strongly to your emotions, it could be a cybercriminal trying to trick you into entering credentials or other protected information.
- Update your system. Cybercriminals often take advantage of unfixed bugs in your computer’s apps or operating system. The more current your software, the fewer known bugs there are for them to exploit. Turn on automatic updates whenever possible.
- Only use company-approved tools. Whether it’s a device, app or even your internet connection, be sure to only use approved resources when working with sensitive or protected information. For example, public Wi-Fi hotspots are usually a bad idea from a security standpoint.
On top of those everyday basics, the shift to working from home has presented a fresh set of challenges in the cybersecurity realm. While most of the core cybersecurity best practices still apply to anyone working remotely, how employees do their work and who may potentially use their devices has changed.
It is important for employers to emphasize expectations around how a work-provided device can be used outside the office. The extended time at home with these devices may lead to employees being tempted to use the device in unintended and risky ways.
Employers and managers should aim to make their employees part of a culture of accountability and security. “Make it part of your business’s culture,” says Kerry Kremke, Blue Cross and Blue Shield of Nebraska’s chief security officer and privacy officer. “Employers and managers can think of it like a security awareness loop with employees: you analyze your current situation, plan out how to best handle any areas of concern, train employees, reinforce that training throughout the year and then start that cycle over again.”
A focus on employee education should be central to all security programs. The effectiveness of policies and protocols, and compliance with them, are greatly improved when employees understand and believe in the reasons they are being asked to do, or not do, something.