The TCS Blog

How to Create a Culture of Security for Your Business

By: Total Computer Solutions

If you think your small business will not be the target of a cyberattack, think again.  No business is immune from hackers, many of whom launch automated attacks that don't distinguish between big businesses and small businesses—they are just looking for any business which is vulnerable.

According to Small Business Trends, for example, 43% of cyberattacks target small businesses, and about 60% of those companies are out of business within 6 months of the attack.  For small businesses, the cost of a cyberattack is unsustainable, almost $900,000 on average. 

The causes of these attacks are several, from third-party mistakes to operating system errors to malicious insiders.  The number one cause of small business cyberattacks, however, is negligent employees, accounting for almost 50% of the total.

Employee Security Training Is Critical

Many companies spend substantial resources on technology to make their businesses secure, but never take the time to educate their workers about security dangers.  That is a costly mistake, as Symantec points out:

"The best security technology in the world can't help you unless employees understand their roles and responsibilities in safeguarding sensitive data and protecting company resources. This will involve putting practices and policies in place that promote security and training employees to be able to identify and avoid risks."

The most effective security training programs go beyond making employees aware of external threats—they also seek to transform organizational culture, helping your workers understand why security is so important, and that a successful cyberattack could shut down your business.  You can create a culture of security by following 2 simple steps:

Step One:  Provide General Training Education

The first step is to make employees aware of the several kinds of threats your business faces, from malware to Trojans, viruses and phishing scams. They should also know the rules for what is, and what is not, safe to install on their work computers, what constitutes a smart password, and that they should never open an email from someone whose name they do not recognize. In addition, you should provide clear backup protocols and instruct your workers to inform others whenever they see something suspicious.

Step Two:  Create an Effective Security Awareness Program

The goal of a security awareness program is to provide your employees with security guidelines which are clear, straightforward, easy to understand, and easy to follow.  Those guidelines should include at minimum the following 6:

  1. Do not share passwords or IDs: employees should under no circumstances share their passwords or User IDs. It is important to be clear about this, because there will inevitably be occasions when, for example, an employee is away from the office but wants another employee to access information on his computer. Provide these sorts of examples and explain that, regardless of the seeming urgency, they never justify sharing this critical data.
  2. Install anti-virus software: make sure every employee is responsible for installing recommended anti-virus software on their devices, and that they perform regular security scans. They should also scan any new data files or software before opening or executing them.
  3. Back up data regularly: explain to employees the importance of backing up their data and documents, and that they are primarily responsible for their own backup. Provide a reasonable timeframe for such backups, such as weekly or biweekly, depending on your needs.
  4. Limit use of the internet:  establish clear guidelines for the types of websites employees are permitted to access.  Explain in plain language that some sites, such as gambling or pornographic sites, are strictly off limits. 
  5. Limit email use:  although it is reasonable to permit workers to occasionally use work email for personal reasons, you need to explain that some types of email are not permitted.  This would include things like emails related to political campaigns, solicitations from charitable organizations (unless specifically allowed by your business) and chain letter emails.
  6. Protect work computers: employees should keep notebooks used only at work in a secure location, like a cabinet or docking station. When employees take computers home, they should have clear rules for keeping them safe from theft—for example, they should never be left in employee vehicles.

A cyberattack can do much more than slow your business down—it can bring it to a grinding halt, leading to damage so costly you might not be able to recover.  It is important to protect your data proactively by effectively educating your workforce about the security threats you and they face every day, and ensuring they understand how to protect their computers, and your company, from those threats. Read 21 Terrifying Cyber Crime Statistics that you should watch out for.

It is equally important to get the professional help you need to ensure maximum IT services and support for your business. To learn more about how Total Computer Solutions' backup, network admin, cloud and security IT solutions will keep your business safe and ensure its continued growth, contact us today.