Security is usually one of the highest priorities for any member of a technology team. An organisation’s IT department is usually tasked with maintaining security and protecting a business from technology-related security risks.
However, as technology becomes more integrated into our professional and personal lives, all employees in an organisation are in a position to inadvertently put the online security and reputation of an organisation at risk. Conversely, they are also in a position to do their part to maintain security.
The best way to get employees to start thinking about online security and practice good online habits is to develop a set of guidelines and provide training to raise awareness. This will help them to understand why protecting customer and colleague information is so important, as is ensuring the business is not at risk of technology-based security compromises.
Some of the main areas for employee guidelines may be as follows:
Rules for work machines
This might include what applications can or can’t be installed on work computers, as well as rules around using these machines for personal purposes. For example, personal email accounts can be a significant risk. Employees should not use personal email accounts for work: apart from being unprofessional, threats arriving through them can’t be detected by the network filters. Even briefly accessing their personal email accounts for strictly personal affairs can pose a risk to the company’s security for the same reasons.
Another worthwhile rule relates to external drives and USB drives. Unknown files and viruses can infect entire networks and employees should understand that they must use the file sharing methods provided by the company, rather than their own devices.
Guidelines stipulating that machines must be turned off and powered down every day can also help keep the network secure overnight (as attacks can happen over idle connections) whilst also saving electricity and protecting machines from potential power surges.
Requiring regular password changes is the first step in password management. Further to this, encouraging strong passwords, disallowing repeat passwords and providing training on how to protect passwords will help employees protect information effectively.
Training staff on how to detect suspicious emails, files, links and online advertisements will help the fight against malicious attacks and infectious software. Implementing a system to report these things is also a good idea, as is empowering staff to speak up if they notice colleagues engaging in suspicious behaviour on their computers.
Also, training staff on how to use the company’s spam filters can help with managing malicious emails and phishing attempts.
Backups are crucial, as the risks of network infections, accidental deletions and hardware failure are very real. Implementing a system of automated backups is usually the easiest first line of defence, but creating guidelines for employees on when and how to manually back up their machines can also be a great second line and provide them with a way to manage any mistakes they might make.
Raising awareness about the risk of online technology threats and developing a company-wide culture of security will ensure that all employees share a common responsibility and will assist in aligning employees with the organisation’s IT security priorities. Comprehensive training and inclusion in new staff induction programs is a good way to create this culture and emphasise the importance of safe online habits.