We want to get into what we call an Internet acceptable use policy. We want to talk about the things that you can do as a management team to educate your staff and to help enforce the policy that you need to maintain for your organization.
Cyber security starts with the end user. Keep in mind that the most important cyber security measure for your business is your staff. End users are paramount to making sure that your environment is as safe as possible. So how do you tackle this hurdle? The first key is to establish or update your Internet acceptable use policy. Do you and your staff follow a policy outlining what constitutes a safe user versus an unsafe user? If you don’t have this documented, be sure to do so as soon as possible. Let’s go through a few examples of what I’m talking about.
Where do your users keep their online credentials? Where are they stored? Some folks store their passwords on local computers or in e-mail accounts. This is NOT a good practice. Hackers look for this information as soon as they penetrate an organization’s network. So what’s the solution? Change your policy and make sure that everyone’s passwords are encrypted on other devices and not on your local network. If some folks want to write things down in a notebook, that may be somewhat old-fashioned, but it’s very hard to penetrate a notebook if you’re a hacker halfway around the country, or halfway around the world for that matter. The bottom line is: keep credentials off of your LAN and off of your staffers’ computers.
How secure or how strong are those passwords? Are there folks in your organization still using default passwords that came with a new device, computer, or software application? Assemble your team and let them know this is a dangerous practice and it is completely unacceptable. Hackers use simple password combinations in the hopes that they can penetrate end-user information. Don’t leave yourself vulnerable. Corporate policy should mandate that all passwords are at least eight characters long and use a combination of alphanumeric and special symbols. This is one of the simplest, fastest and most affordable ways that you can protect your organization from attacks.
Don’t open e-mails from unknown sources. Phishing attacks, malware and other tools of the hacker trade are all looking for e-mails that they can penetrate for user accounts. This is still the biggest threat to Internet security. It is critical and central to your policy that you educate your end users on these dangers. Do not open e-mails from untrusted or questionable sources. Common sense goes a long way in keeping hackers out: if you don’t know the source, don’t open the e-mail.
Smart Phones and Tablets
These devices have created a whole other can of worms when it comes to cyber security, and they can be the greatest security risk of all. For example, a user may inadvertently download a virus from their smartphone e-mail. If they do, and then they sync the device to their work computer, you now have the potential that a virus has been downloaded onto your company’s LAN, or local area network. Now, certainly you may have a firewall system in place that is supposed to stop these kinds of attacks or downloads, but why would you want to put your firewall to this kind of test? Practice end-user due diligence. Users need to be as careful about what they download on their smartphone devices as they are about what they download at their desktop; the same risks apply. Keeping a safe-practices tutorial is an excellent way to minimize the risk of security breaches via smartphones.
Now, I understand it is difficult to enforce policies for staff using their own devices at work, so consider providing company-sponsored devices for your staff. This will certainly cost you more money, but there is also an upside in terms of security with these devices. What you’re talking about is control: if you’re providing the devices, you can certainly restrict websites, apps and different items from your staffers so that they can’t access those and inadvertently create a problem. This most certainly will cut down on the risk of viruses and security breaches.
Remember, these basics, while basic, are very important. Be sure to teach your end users how to close off these security risks, and it will go a long way toward enhancing the cyber security of your organization.