EITS Tech Tips & Tech News

5 Tips on Building a Healthy Cyber-Security Culture At Work

Written by Mike Tungate | Oct 10, 2017 3:22:05 PM

No matter how up-to-date your virus protection is, or how strong your firewall is, your workplace will not be completely secure without building a culture of cyber security among your employees and coworkers. Thieves and hackers are always looking for the 

easiest way to break into your systems, and the weak link tends to be individual people, not computers. Here are 5 ways to build awareness and boost cyber security at work.

 

1. Establish Policies and Procedures

Before you can get the entire crew on board, you must have expectations clearly spelled out and available for employees to review. Standards are likely to be different for higher level managers than entry-level beginners, and some departments might be more secure than others. It is important to make sure that policies and procedures are defined for all segments.

 

Related Post: What to Do if Your Computer Gets Ransomware 

 

2. Concentrate on the Basics

Onboarding new employees should begin with basic security training and all other staff should be refreshed on policies on a regular basis. These training exercises should be focused on the most essential cyber security measures including:

 

  • Passwords. Along with requiring long and complex passwords, make sure your employees understand how hackers try to get in, especially with brute-force attacks. The longer the password, the harder it is to crack. Emphasize the need to use number and symbols, and to stay away from common dictionary words.
  • 2-Factor Authentication. The use of a one-time code sent to a personal device following the entry of a password will boost security significantly. Many employees find these inconvenient, but educating on the need for added security will help keep people on board.
  • Checks and Balances. Be sure to limit access to systems to only what the employee needs to do his or her job. In addition, monitor login activity and follow up on unauthorized access and failed attempts. Lastly, it is imperative to remove access immediately upon termination and to consider suspending access for vacations and extended leaves.

 

3. Make Security Awareness Engaging

A long, boring annual meeting on cyber security is probably far down on your employees' list of favorite activities. To keep people engaged, training and awareness sessions need to be short in duration, and ongoing throughout the year. Include ways to keep people interested and involved with contests, games, and other activities that encourage participation rather than zoning out.

 

4. Make Telecommuting Safe

Flexible work schedules and easy internet access are making telecommuting situations grow in popularity. On the other hand, these employees on the go can be a major security risk unless proper precautions are taken. For example, coffee shops may be convenient, but open WiFi access is dangerous without the added protection of a VPN. Make sure that traveling employees not only know how to use these systems, but also that they understand their importance so they aren't tempted to cut corners.

 

5. Create a Positive Environment

In too many cases, cyber security in the workplace is seen as a list of restrictions: systems that are off limits, websites that cannot be accessed, and trouble for making the wrong move. Instead, make your security department accessible and informative for all employees. Make sure everyone is comfortable asking questions and requesting demonstrations, and that people are not afraid of "getting in trouble" for making honest mistakes.

 

Creating a Secure Environment

When everyone in the workplace is educated about the necessity of cyber security, and then trained on the proper procedures for implementing secure measures, the whole company benefits. Not only will your business be more secure, but your employees will be motivated to participate as well.