Secure messaging systems, comprehensive mobile phone archiving, and strong IT departments are all important steps on the way to running a secure business, but in addition to these steps, it is important to combat one of the most common threats to a company’s security – its own employees and their mistakes.
Human error is one of the top threats to data security, and it stems from ignorance and sometimes from negligence. The good news is that there are ways to reduce the likelihood of human error and ensure that company data remains confidential.
Communication is Key
You’d be hard pressed to find an employee in any industry in the US who doesn’t own a smartphone today. Some will own two and many will own tablets and laptops and possibly a desktop computer of their own as well. And in many industries, where work is brought home and continues well into the evening and weekends, employees use all those devices for work-product. But owning a device does not mean they understand the security weaknesses of the device or how to use it properly when it comes to secure communications.
One of the most important things an IT department can do is simply communicate to employees how to avoid common security threats and explain the consequences of failing to do so. Phishing is an example of a security threat that employees may be aware of but aren’t trained to spot. A session that explains how to spot a suspicious email and the dangers of sending information in response to such a message can drastically reduce the number of security breaches that happen far too often.
Don’t forget to look up
Communication doesn’t stop at low-level employees. High-level managers have access to more information than most low-level employees, and so they become lucrative targets for cyber attacks. No one in the organization should be exempt from sessions that discuss cyber security measures.
Even members of the IT department should regularly be reminded of the pitfalls that surround them in their work. The IT department has unlimited access to the whole network housing the information from all departments in the institution, so while they may be better trained in cyber security measures, they are also at higher risk as targets and should remain vigilant.
Early and often
The lines of communication between the IT team and the rest of the institution should be open on a rolling basis. Once-a-year security meetings aren’t enough if new staff are taken on periodically throughout the year, for example. Regular lunch sessions with IT can provide an opportunity for employees to learn in more depth about different aspects of cyber security and will serve as reminders of the importance of staying vigilant across all work and personal devices.
Take it seriously
There is little worse than being laughed at by a tech guy for getting something wrong. Employees should be encouraged to report suspected cyber breaches and given positive feedback, even in the case of a false alarm. Disparaging someone for raising the red flag when it wasn’t needed will discourage them and other employees from doing so in the future, when there may be a real threat detected.
Moreover, treat employees who have made mistakes with respect. Phishing scams, for example, are very common and have become more sophisticated over time. If an employee falls into a trap and realizes too late that they have done so, they need to feel comfortable coming to the IT department to report their mistake.
It is the IT department’s job not only to deal with the technological side of keeping systems secure and warding off attacks, but also to do their best to eliminate the potential for human error on the part of employees who are less aware of the pitfalls of the internet.