Employee training crucial this holiday season

Employee training crucial this holiday season

American small businesses know the holiday shopping season is a vital time to make one final push to meet sales goals for the year. With an increase in retail sales, it is crucial that businesses, especially startups, have a robust cybersecurity plan in place to protect themselves and their consumers. An article on Tech.Co looks at how you can protect your organization from falling victim to a cyberattack this holiday season.

By now you may know that cybercriminals often target small businesses, but why? According to CSIdentity Corporation (CSID), a third of small businesses are not proactive in preventing a breach, with half of small businesses not allocating a budget to mitigate their risks. The lack in preventive measures in small businesses is evident to cybercriminals, with Symantec reporting in their 2017 Internet Security Threat Report that nearly half of all cyberattacks occur on small businesses. Small businesses are often unable to recover from a cyberattack, with the U.S. Securities and Exchange Commission reporting that 60 percent of small businesses fail within 6 months of suffering a data breach.

With employees being the first line of defense in preventing a data breach, it is crucial that they are educated on cybersecurity best practices.

According to a recent University of Phoenix College of Information Systems & Technology survey of 2,017 U.S. adults, 8 in 10 said their company has a cyber security policy and nearly all (96 percent) often or always follow it. Despite this, less than half could identify any one specific component of said policy – the most frequent being that their company uses a firewall-protected network (47 percent).”

Although employees may believe they are taking all necessary measures to help prevent a data breach, CompTIA research shows that over half of all data breaches are caused by human error. Common human errors leading to a data breach may include using the same password for business use and personal use, sharing confidential information with unauthorized individuals and opening malicious attachments via email.

Tips for protecting your organization

1. Educate employees on policies and procedures. Meeting with employees to go over the company’s policies together will help ensure they are aware of them. It may also be beneficial to create a checklist to ensure that personnel are adhering to company policies.
2. Create a company policy regarding passwords. Require employees to create long passwords that change often. Complex passwords and password aging will help minimize the risk of a hacker accessing an employee’s account.
3. Install firewalls and anti-virus software. Besides employees, firewalls and anti-virus software stand at the front line in defense against hackers. It is important to have these items implemented but also to routinely verify that your firewall settings are appropriate and that your anti-virus software is updated and installed on all systems.
4. Encourage employees to lock workstations when not in use. Locking workstations when not in use will help prevent an unauthorized individual from accessing or viewing sensitive information.
5. Restrict the use of Wi-Fi networks outside of the company. Ensure that guest networks are segregated from your internal networks. In addition, be sure that the password to your Wi-Fi is centrally managed and changed periodically.
6. Prohibit personal portable storage devices. Prohibiting employees from using personal storage devices and requiring them to use company-issued devices will allow you to properly manage the security on these devices making it difficult for a hacker to gain access to sensitive information.
7. Make sure employees know how to report suspicious activity. Ensure that employees know who to report to when something seems suspicious. Also encourage employees to report suspicious activity immediately when something seems amiss.

By following these steps, you can lay a good foundation for robust cybersecurity practices year-round. While there is an increased emphasis on cybersecurity during the holidays, businesses need to be prepared for a potential attack year-round. Preparedness will help prevent a breach and greatly reduce the damage of a breach if one were to occur.