There is a general lack of awareness amongst people when it comes to cyber security, and they often don’t believe they could be putting their company at risk. Yet, while companies need to ensure employees are secure, there’s also a balance that needs to be made.
If security ends up hindering how an employee carries out day-to-day tasks, they will be less inclined to practice best security practices. They may also attempt to circumvent security policies that are in place, which can generate even greater risks.
In light of this, here are five ways businesses can ensure their employees are the front line of defense when it comes to security:
Enforce basic password requirements
Naturally, humans resort to using the bare minimum required when creating a password, and this doesn’t change in the workplace. Because of this, it’s important businesses establish password requirements, such as minimum length, and complexity.
Employees should also be strongly discouraged from using “simple” passwords, such as birthdays, pet names, or common number sequences, such as 123456. IT should also require that a new password isn’t similar to a previous password, and that passwords are changed at a regular intervals.
Turn on two-factor authentication (2FA) across all accounts
In addition to having a strong password, businesses should turn on two-factor authentication (2FA) across all accounts. 2FA involves the user entering a second piece of information, such as a fingerprint, or one-time code, in order to gain access. This extra layer of cyber security ensures even if a hacker does obtain a user’s password, they won’t be able to get into the account.
Furthermore, adopting 2FA will mean user credentials are protected from password guessing software, mitigating any damage from successful phishing attempts. Organisations are increasingly seeing the benefits of 2FA and are implementing it across the board as part of wider security policies.
Manage user access
Whether you have five employees or 500, it’s crucial that only the right people have access to the right information. Sensitive data should be shared with as few people as necessary, and protocol should be followed if an employee wants to gain access to an account they don’t know the credentials for.
Businesses should also devise a system to keep track of passwords across accounts, listing which employees have access to which accounts. Not only does this keep your password management organised, but it also means that when an employee leaves the company you know which passwords to update.
Issue guidelines around using our own device
As remote working becomes more accessible to the workforce, employees are increasingly using their own devices when working. Work and personal is more integrated than ever, and employees want to be able to access their services where they want to, at their own convenience. While this has many benefits for both the employee and the company, it also comes with a risk.
For example, if employees attempt to access company data via public WiFi they be unknowingly exposing corporate accounts to risk. Therefore, companies should educate employees in the risks involved with using personal devices.
Create a formal policy
Finally, businesses should develop a formal cyber security policy, which encompasses all the tips above, and any other security related information that employees need to know. The foundation of the policy should be the understanding that humans are just as important as technology. New and existing employees should be trained, and re-trained, so they’re educated about potential risks, and understand how they can help minimise the company’s exposure to potential threats.
Finally, it’s important that the policy isn’t seen as a chore. One approach to engage employees is gamification. This can turn training into something fun which everyone can get involved in.
Steve Schult is Sr. director of product management at LastPass