You can install virus protection software, spam filters and a thousand firewalls on your company computers, but all it takes is one employee making a bad decision online for everything to come tumbling down. As Computer Science Corp. director Mark Rasch told Bloomberg Magazine, "There's no device that will stop people from being idiots." If you're not educating your employees about Internet security on a regular basis and implementing "human" policies or rules for your personnel to follow that govern how they use the Internet at your workplace, then it's time to start.
Keep the Training Coming
The Internet evolves as fast as the world around it, and new sites and trends spring to the forefront of our attention every day. Many companies have initial training for new employees, but that often gives them a fraction of the information they need to stay safe online. Provide ongoing training to show employees the risks of new cyberattacks and phishing efforts. Keep everyone's attention on the subject every day by subscribing employees to the SANS Security tip of the day. Offer monthly testing sessions to put employee training into place with real-life scenarios.
Create a Comprehensive Platform
If your company has embraced a BYOD (bring your own device) policy, you may enjoy greater morale and productivity, but along with welcoming a variety platforms comes more security risks. CMO Ahmed Datoo of Zenprise discusses the risks of employee mobile devices in the workplace with SearchSecurity, noting that employees who treated their smartphones like computers represent a "disaster in practice." A company that implements BYOD needs to implement protocols that can disable and wipe mobile devices whenever theft or hacks put business data at risk.
Empower the Administrator
So many viruses, Trojans and pieces of malware plague the Internet that any one of them could be hiding behind a simple download. Employees should understand the risks of downloading anything from the Internet. Better still, of all the people in your company, the information technology administrator should possess the sole power of installing software or new programs on company computers. Using an organized business solution such as Google Apps for Business enables your company to keep track of meetings, calendars, email and documents through one secure cloud-based platform. This keeps company information secure and helps with cost, productivity and efficiency. Google's Postini e-platform support service recommends providing administrator privileges to no more than one additional user to serve as a backup, so that privileges remain in the hands of the IT security team.
Comprehensive Security, Before and After
The end game of hackers, phishers and cyber-attackers is access to your company's sensitive information, your employee's identities or the bank accounts of anyone they come across. The best way to prevent identity theft in a company setting incorporates education along with enrollment in a proactive identity theft protection service. Training sessions in tandem with protective phishing filters and a credit monitoring service provides you with protection before, during and after the threat of a hack or phishing attack. Symantec reports the average cost of a data breach tallies in the millions, while the United States experiences nearly 30,000 cases of data theft per year. Companies without comprehensive Internet security and data protection policies in place risk too much to justify the cost savings of a poor or non-existent security platform.
