With the ability for hackers to establish a beachhead in your business with little to no effort, security awareness is about current security threats, company security policies, and the personal role each plays in keeping your business safe from cyber threats.
Unfortunately, many businesses don’t know where to begin the development of a program or what areas they should focus on. Broadview Academy is here to help. Together, we can get your employees up to speed on the basics of security awareness or augment an existing program with additional education and guidance on good employee security policy and how it relates to the workstreams of your business. Here’s a peek at some must-haves as part of any good program:
- Phishing and social engineering
- Passwords and network access
- Device security
- Physical security
Phishing and Social Engineering
Social engineering is an attack that happens when a user is deceived into divulging information. Phishing, which is an attempt to get sensitive information like passwords and credit cards from someone through email or chat, is a common social engineering attack. Employees should have a process in place for informing the right person or department in a timely manner if they believe they are receiving malicious email communications. If one employee is being targeted, it’s likely many others are, too. Alerting the right staff in a timely manner is critical for preventing a phishing scam from entering the network and spreading company-wide
Passwords and Network Access
In general, passwords should be unique to each application and information source, at least eight characters, contain letters and special characters, and stay away from obvious information like names and birthdays. Further passwords should be updated every 90 days and never stored on sticky notes affixed to monitors or keyboards or shared with other employees.
In an era where more and more personal devices operate within the workplace, employees must understand the potential security risks of connecting to the enterprise network from their new phone or tablet. The same threats posed to company desktops and laptops also apply to personal devices. Ideally, you will work with employees to ensure they have the means to securely access resources from their own device, but they should always be mindful of the websites they’re browsing, the applications they are installing, and the links they’re clicking on.
This is an area of security often overlooked and in need of a good refresher, especially with so many employees now accustomed to working from home and out of practice with good office security measures such as:
- Locking all devices. Employees should re-establish the habit of doing this every time they leave their desk.
- Locking their docs. Sensitive materials should be stored in a locked cabinet and not left sitting on an open access desk.
Ready to get started? We’ve got you covered. Let’s chat about your employee security awareness needs: