Not many of us these days are prone to leaving our houses unlocked, or the windows wide open as we head to work, and it’s fair to say most of us will ask for ID if someone we don’t know comes knocking at our front door. But are British businesses - so reliant on protecting company data - taking as much care in the workplace?
Protecting your employees and your company data can feel like an intimidating task. With hackers constantly inventing new schemes it’s no wonder that cybersecurity hiring has ramped up over the last several years.
The reality, however, is that most successful attacks aren’t technically sophisticated; in fact just like leaving your front door open at home, they exploit common human errors. So with this in mind, we’ve compiled a list of five simple tips that any of your employees can understand and put into practice. That means whether you’re the owner of an SMB, or responsible for security at a global enterprise giant, or even just a concerned team member trying to do the right thing, you can protect company data by making just a few changes to the way you work:
1. Use strong and unique passwords
As much as special characters and capital letters can increase password strength, simply making your password longer is often the most straightforward approach for improving password security. Still, experts say using unique passwords might be even more important—if one account is compromised, the others will remain safe. One easy way to check both of these boxes is to use a password manager like 1Password or LastPass. It’s a solution that’s convenient for employees, but secure enough to keep IT admins happy.
- Tip: Encourage employees to practice the same good password habits with personal accounts—many successful attacks on businesses start with a stolen personal password or user name.
2. Enforce two-factor authentication
Two-factor authentication — which typically involves a mobile app—is another must. Even if your password is stolen, it will serve as a backstop, preventing hackers from accessing your account. The problem? Only about 30 percent of people use two-factor authentication, and nearly three-quarters of IT decision makers admit receiving complaints from employees who use it.
- Tip: Some services let you use a Universal 2nd Factor security key, a physical alternative to two-factor authentication that can also protect you against phishing attacks.
3. Push all software updates
Some security pros say keeping software updated is actually the most important safeguard for protecting company data. Everyday users don’t always understand how important bug fixes and security patches can be. Ideally, IT teams and business owners should force software updates across employee devices if they haven’t been updated within a few days.
- Tip: Sometimes it helps to be as specific as possible about what a software update will do—if you explain how the update fixes a vulnerability, employees will be more eager to download it.
4. Practice good badge behavior and discourage tailgating
One of the easiest—and most overlooked—security targets is the office itself. Compared to cracking a two-factor authentication-protected account, slipping into the office can be surprisingly easy. The biggest offender is tailgating: namely, when an unwanted guest follows a legitimate employee through a door before it closes. Your employees’ manners might tell them to hold the door, but they’ll be better off dropping the instinct for courtesy. You can also encourage employees to ask to see a badge if the person behind them doesn’t have it visible.
- Tip: Make it easy for employees to get a replacement badge if necessary, so there’s no excuse for someone without a badge.
5. Be smart with devices
At the office, you can encourage employees to put their computers to sleep when they leave their desk. On the road, they can use privacy screens to discourage snoopers from reading sensitive information. Criminals, or even just overcurious onlookers, will often act in response to opportunity. Safeguards like these will prevent them from getting any ideas in the first place.
- Tip: Ensure that data on employee devices can be wiped remotely. This way, even if a device is lost, you can still protect company data.
While each individual tip on this list is simple, taken together, they can make a giant difference. If employees can establish good habits like these—even with no additional technical knowledge—they make the security team’s job easier and help protect company data.