Your IT department is working hard to prevent a company security breach, but its defense is incomplete without help from the office team. Security lapses from employees or contractors were the No. 1 cause of data breaches in 2017, according to a report sponsored by password management service Keeper Security.
Office administrators play a role in keeping these threats at bay, providing you with a great opportunity to have a larger impact on your company. By serving as the communications conduit between IT management and staff, you can display your skills and show how effectively you can get everyone on board.
Use the following tactics to help boost security in your company.
Beefing Up Password Habits
Eighty-one percent of hackers use stolen and/or weak passwords to gain access to data, according to Verizon. Your team can fight back by creating unique, hard-to-crack long-form passwords for each and every account they use.
It is important to note that some of the well-established rules surrounding password creation may be evolving. For example, some experts advise that a longer, all-lowercase password with a memorable phrase known only to you might provide greater protection than a random one that uses a combination of upper- and lowercase letters and special characters. Also, frequently updating passwords isn’t as strong a protection method as previously thought. Continual password updates aren’t helpful if people are changing only one character, for example, since this makes passwords more vulnerable to hackers.
To simplify things for your team, consider asking management to invest in a password management tool. Services like LastPass, Dashlane and others generate and store secure passwords. Under no circumstances should employees write their passwords down on paper or on their computer.
Urging Software Updates
Outdated software systems are rife with vulnerabilities, and attackers often target these weaknesses to gain access to sensitive data. Suggest a companywide policy that encourages people to accept software updates once they become available on all devices they use for work. As part of the policy, ask for email confirmations that updates have been installed.
It’s also important to train those in your company on which types of software are IT-approved and what can and cannot be downloaded from the internet. Work with your tech team to determine your company’s standards and make sure there is a plan in place to consistently communicate them to your co-workers.
Focusing on Real-World Security
Lapses in online systems aren’t the only cybersecurity risks. Physical security is just as important in keeping digital data out of the wrong hands. Laptop locks can secure your colleagues’ computers when they are away from their desks. Ask them to also enable screen savers and lock screens that automatically activate after computers are idle for a certain period of time.
Other safeguards to invest in include paper shredders to destroy sensitive documents, locked cabinets to store physical files and privacy filters for computer screens and monitors. You can also look into smart devices — such as printers — that add an extra layer of security through built-in mechanisms to stop attacks. Any computers or other hardware your company buys should come with built-in security measures and be IT-approved.
Highlighting Common Attacks
Nearly half of businesses that were cyberthreat victims in 2017 experienced a phishing attack, according to the Keeper Security report. If your team knows what form phishing attacks usually take, they’ll be better able to sound the alarm and less likely to fall prey. For example, one type of phishing scam involves criminals posing as company executives and requesting an urgent transfer of funds or confidential information.
Work with your IT team to implement training on how to recognize and avoid common potential scams. Make it clear to your colleagues that they should never respond to suspicious emails without first reporting them to IT. Consider sending out a fake email that mimics a phishing attack to test preparedness throughout the business.
Backing Up Backups
No company can be completely safe from a cyberattack, so it’s important to make copies of important data in the event it is lost or stolen. Encourage your colleagues to regularly back up data on their work devices.
Your IT team may choose to use external hard drives, offsite data storage or a cloud-based system that backs up computers and servers automatically. Whatever the approach, be sure you clearly lay out what information team members are responsible for backing up, the process for doing so and how often it must be done.
By following data security best practices and communicating them to your co-workers, you help protect your company from financial and reputational damage. Your vigilance could mean the difference between just another day and a disaster.