People have many commonsense ways of protecting themselves, their homes, and their belongings. You likely practice safety habits daily like locking the front door or keeping valuables out of sight, yet how often do you think to lock your work computer before walking away?
The unfortunate truth is that employees are often the cause of security breaches and malware infections. Companies owe it to themselves to help employees develop safer computing habits and be more conscientious about their use of the company’s computers.
Make security best practices relevant
By making the problem a personal one, companies can easily get their employees to listen. Relate technology concerns at work to their personal lives. For example, you might demonstrate how an employee’s unsafe browsing habits at home, such as making a credit card purchase on an unsecured site, could lead to identity theft or fraud.
This kind of example demonstrates the fundamental reality that, like their own personal information, work data can become compromised or lost, with disastrous consequences. Just like they need to take steps to protect their own bank accounts and credit card numbers at home, employees need to follow your security policies and protocols to protect the network and servers at work.
Talk about relevant scenarios to illustrate the need for commonsense precautions in their computing and browsing habits. If you can teach them how to be more cautious at home, it’ll become second nature for them to treat their work-time computing activities with similar care. Helping them to understand their part in the network—that any employee could become a weak link in network security—is a good step toward making them more aware of their own computing habits.
Provide clear security protocols
When you’re training employees, make sure they know how to respond to suspicious emails or websites. Identify the protocol for reporting the issue if they accidentally click on an email attachment that’s infected by malware. Should they shut down their computer or do anything to manage the problem on their own before or while they’re submitting an IT support ticket?
Not only does this teach employees how to protect themselves, but it can help manage the problem and potentially mitigate some of the damage. Even if employees are quick to submit an IT ticket, the damage may already be done before IT can identify and fix the problem.
Teach them to respect their work computer and devices
It’s important for employees to understand how their browsing behavior can affect the rest of the network. Poor browsing habits can leave the door open to malware, hackers, and more, and those accidents can have far-reaching repercussions for the rest of the company.
One big step is not using the company-provided computers for personal use, since the websites employees visit for personal reasons might compromise the network. Even when you tell employees about this, it can be hard for them to stick to that practice. Raising their awareness about how their actions can affect others while at work may still serve a purpose. Making them mindful of clicking on suspicious attachments or pop-ups can protect them from themselves, and the network by extension.
Educate them on what makes a secure site, and what may be an unsecured site
Employees who spend any amount of time on the internet should learn the difference between “http” and “https” websites (“https” being the secure version of “http”). They should also be able to differentiate a secure site from an unsecured site as indicated by a padlock icon in the top left corner of the address bar.
Visiting sites without the padlock icon in the address bar or without the “https” could put employees at risk of encountering “spoofed” websites designed to look like a legitimate, trusted site. Such sites could house malware or vulnerabilities hackers can use to infiltrate an employee’s computer or the company network.
Speak to employees regularly about good password practices
Poor password practices are rampant – both at home and at the office. Here are some basic practices employees should be following to keep their work computers safe.
- They should be changing their passwords periodically.
- Passwords should be strong, with at least 12 characters, including capital and lowercase letters, numbers, and special characters.
- Two-factor authentication should be utilized when and where it’s offered.
- Employees should be instructed to use separate passwords for the accounts at work.
- Promote the use of password managers instead of writing passwords down somewhere they can be found. With password managers, employees only have to remember one complex password, and the manager will store the rest.
Instruct employees on how to back up their work
Employees should know where all of the important office drives and folders are located. Typically, shared network folders and drives are backed up, but files saved on individual computers are not.
Make sure employees know where and how to save their work on shared network drives. Not only does this help their co-workers find important documents, it prevents files from being lost because they weren’t properly backed up.
Be clear about what an employee can and can’t download, view, or install on their work computer
Employees often like to customize their office computers to work well for them, but that doesn’t mean they should have all the apps or programs they have at home. Identify what browsers and programs are OK to use, and which aren’t.
Some companies prefer to vet and test certain programs before recommending them, and some software they would rather avoid altogether due to lack of security patches or compatibility issues. Employees installing their own software could open up vulnerabilities in the company network, so it’s important to give them a list of pre-approved programs.
Share the dangers of and best practices for connecting to wireless Internet connections
Public Wi-Fi hotspots are known for being vulnerable points of attack by hackers. Many times, a user will simply connect to whatever wireless hotspot is open and available, without considering whether it’s a secure connection or not. When it comes to wireless devices – whether at work, or when working remotely – teach employees how to choose secure wireless connections to avoid exposing sensitive company data or files to hackers.
Schedule internal security drills
One of the best ways to train employees to become safer browsers is to schedule internal security drills. Think of it like a fire drill: it prepares employees for handling real emergencies. There’s nothing more dangerous than a major security breach, or the company network becoming infected by malware.
You could send out fake phishing scam emails to see how employees respond, and to see whether they follow protocols for opening and reporting such emails.
Making employees safer browsers and training them to have better computing habits is a proactive mission. It requires ongoing education and regular reminders to follow best practices, including stronger passwords, conscientious use of wireless connections, and using only the recommended and pre-approved programs provided by your IT department. If you need help implementing IT safety procedures in your workplace, give our IT experts a call!