5 Things Your New Employees Need to Know About Cyber Security from Week One
If you’re a CEO or IT administrator, you’ll need to spruce up on cyber security training before indoctrinating new hires. If the latest Yahoo data breach proved anything, it’s that today’s cyber threats are terrifyingly real.
That said, 2016 has come with a slew of new cyber threats and surprising avenues of danger. If there’s anything business operators now understand, it’s that no company is safe from data breaches. Today’s hackers are breaching enterprises at their weakest point: their employees. To ensure your company’s protection from cyber threats, you’ll need to strike out negligence among employee and boost their understanding of password and cyber security.
If it’s your employee’s first week on the job, you’re in luck! Below, we’ve compiled the five most important cyber security tidbits you can show them. Take a look:
1. Keeping a Clean Desktop and Mobile Device
The first order of business is to make sure your need employees keeps their digital devices and work space clean and secure. This means your new employees should do the following:
- Reduce or remove desktop clutter, stray files and changing information ends. Keeping a clean desktop and mobile device is vital to maintaining a tight, secure business area. Your employee’s desktop and mobile hygiene should extend to emptying the recycling bin, keeping deleted files low in number and updating often.
- Install software updates on all internet-connected devices, and set up automatic updates. Sometimes, automatic updates aren’t engaged immediately. If this is the case, notify your employees whenever new desktop and mobile updates become available. In any case, employees bringing their own devices to work should be urged to strategize with your in-house IT department to secure tablets, smartphones, wearables, desktop, and laptop devices. In addition, discuss antivirus and anti-malware solutions with your business’s IT administrator, and focus on a streamlined approach to device protection.
2. Using Good Password Practices
Next, you’ll need to secure a workplace culture of password security. Both customers and businesses, alike, will be stuck with passwords at one point or another. That said, you can secure your workplace by teaching wise password practices:
- Make strong, unique passwords for all accounts. New employees need to understand the importance of making strong, unique passwords to protect all of their accounts. They should create passwords that are longer than 8 characters in length, have a combination of letters, numbers, and special characters, and should not contain “guessable” words and phrases. For additional tips on how to create strong passwords, you can also share this guide on how to create strong passwords.
- Require multi-factor authentication for logins. To boost password security, your business should require more than one identifiable shred of information to access work-related accounts. By using multi-factor authentication, you can secure digital access using a time-sensitive code, facial recognition, fingerprints, retina scans, smart tokens (like Yubikeys), and even smartphone authenticator apps.
- How to manage and store passwords safely. New employees could easily become overwhelmed with the sheer number of credentials they need to memorize and manage for their work accounts. To help them remember their new passwords, provide resources on how to use password mnemonics or other tricks to help them create strong, yet memorable passwords. You can also go a step further and offer them an enterprise password manager.
3. How to Identify Suspicious Links and Emails
Unfortunately, we live in a world of phishing emails, malicious links, sketchy websites, and malware. Phishing attacks are rampant in 2016, and you’ll absolutely need to train your incoming employees on how to identify these signs of a phishing email:
- Check the email display name. Teach new employees to never trust an email’s display name. Email display name spoofing is very common, and it’s destroyed hundreds of big brands from the inside out. If a fraudster wants to spoof a brand, they’ll hide behind a fake, yet similar, display name. Teach new employees to check every email’s header address, rather than trusting a display name blindly.
- Check for spelling errors. Tell them to examine every message’s salutation, too. Any urgent content in an email’s first line, too, should be reported, and any in-body links should always be subject to workplace clearance before they’re expected to be clicked. Teach employees how to right click email links, too, to determine their origins and boost enterprise security at the bottom level.
- Don’t respond to the “urgency” trick. To encourage an employee to click a malicious link or share sensitive information promptly, a hacker will often use language in their emails that creates a sense of urgency. In this case, new employees should always validate or report the email to an IT administrator before performing any additional actions.
Check out this guide for a comprehensive run-down on phishing attacks, and protect your business from the ground up.
4. Backing Up Work and Protecting Sensitive Documents
It’s important to keep multiple copies of vital documents, but it’s even more important to ensure their storage. Workplace computer crashes, virus infections and even hardware destruction can happen. Data loss is often unexpected. This is why it’s incredibly important to adopt a business strategy surrounding remote-stored information:
- Storing sensitive information properly. New employees should be taught to avoid storing sensitive information directly on the work computer’s desktop, in a Word document, an Excel sheet, or other unencrypted files and folders. Similarly, remind them to remove sensitive information from your phone’s Notes app. They should also know that sticky notes, stray paper, and other writing platforms should never contain important information, like passwords, email addresses, usernames, etc. Important physical documents and removable storage devices, like flash drives, should be locked in a filing cabinet when not in use.
- The fundamentals of file backup. It’s important to keep multiple copies of vital documents, but it’s even more important to ensure their storage. In general, adopt a smart, cyber security strategy surrounding remote or cloud-stored information. Dropbox, Google Drive, and OneDrive are all secure, flexible and ever-updating solutions and they’re incredibly useful for businesses of all sizes, but make sure your business has a secured cloud storage platform and teach new employees what to store and how to store it.
- Follow security protocols around Bring Your Own (BYOD) devices. If possible, adopt a business culture welcoming of laptop computers and tablets, but also set regulations to limit a number of security risks that may arise with BYOD devices. New employees should work with the IT department to make sure their BYOD device is password protected, updated with the latest software, has anti-virus and anti-malware programs, a secured internet, Bluetooth connection, and has approved applications that can be used while at work. This also applies to mobile devices, including smartphones, tablets, and wearables.
5. Reporting Data Breaches and Cyber Threats
In any workplace, communication is absolutely key. Zero-day vulnerabilities do exist, and they can destroy a business’s digital foundation if overlooked. Each and every employee needs to deeply understand your business culture’s reporting standards, and each should know how to report cyber attacks at the first sign of inception.
- Report suspicious programs or activity immediately. Along with suspicious link reporting, email security and online judgment, any sign of malware, adware or viruses should be reported on the spot. While, presumably, your workplace’s computers are outfitted with anti-virus software, they’ll still send up a red flag when suspicious activity occurs. Before your employees file an online report, they should file an in-house report to your IT department. If they are the IT department, they should isolate the threat, neutralize it and immediately determine its origin.
- Quarantine the virus and remove it as soon as possible. Some anti-virus software kits come with a “quarantine” option to reduce a potential virus’ threat and give an opening for examination. This approach can be useful, but don’t place your workplace in unnecessary risk by keeping shady files and programs around. Again, keep everything clean.
Cyber security isn’t difficult to maintain, but it is a long-term investment. Teach your employees, give them annual brush-ups and make sure everyone is on the same page to promote a safe, secure workplace.
To help your new employees, we created a shareable checklist of the security best practices they should begin practicing on their first week on the job! You can share this document in your new employee welcome toolkits, in a company-wide email to new employees, or in print as a poster!
Click here to download checklist.
Sign up to receive news and updates about Dashlane