At the end of last year, Target’s CEO resigned amid the controversy surrounding the recent data breach that impacted millions of customers. This month, we also saw Home Depot announce its latest security breach, with 56 million customers’ email addresses and credit card numbers being stolen from its stores’ registers. The question now becomes: how can information security be improved in the workplace?
How can information security be improved in the workplace
- Information Security Is Everyone’s Responsibility
- Encourage Them to Take Basic Steps
- Implement Clear Policies
- Make Security Routine
- Follow Up on Breaches
Information Security Is Everyone’s Responsibility
Security breaches happen every day, but that doesn’t mean you should stand by and let them happen on your watch. It’s important to make sure that everyone on your team is well aware of their individual responsibilities for keeping data secure. For example, make sure employees know how to spot phishing emails, update passwords frequently and check permissions before sharing sensitive data with outside vendors. Since problems often stem from poor password management or simple oversights, it’s important to implement these checks on a consistent basis—including ensuring your own practices are up-to-date as well! Remember: The only way to truly prevent a breach is to stop attackers before they get into your system. Once they’re there? It might already be too late.
If a breach does occur, it’s important to determine exactly how it happened and which employees were affected. By instituting your standard policies and procedures and encouraging regular maintenance of equipment, you’ll reduce the risks of a future attack—and, most importantly, you’ll help prevent unauthorized access to sensitive data or theft of trade secrets. In addition to following these steps, make sure all team members know what they should do if they notice something suspicious or suspect an attack is occurring. Always keep an eye out for weaknesses in your organization’s security posture so you can remain vigilant against potential attackers at all times!
Encourage Them to Take Basic Steps
If you’re an employer looking to tighten up your organization’s digital security, there are some basic steps everyone should take. Ensure employees enable two-factor authentication for all business email accounts, work with them to create strong passwords, and get them into a habit of not clicking links or attachments from unknown sources. Asking people to do these things only takes five minutes, Denning says. If employers want to go further than that — maybe they have a more advanced threat model they need to protect against — then maybe more specific and advanced solutions are required. However, that may not always be necessary.
The rule of thumb is, if you’re an organization with a large amount of sensitive data, start with compliance, says Alan Woodward, visiting professor at Surrey University. It’s not that difficult to adopt. For example, businesses should get their employees to change their passwords on a regular basis — once every two months is ideal. This forces people to create strong passwords rather than reusing ones that are insecure or risk falling into hackers’ hands.
Make sure employees know how you expect them to handle personal data. Clearly state what is expected of your employees when it comes to protecting customer and company information, and outline consequences for not complying with policies. It’s also important to conduct regular training about cybersecurity so that everyone is on board with best practices. Even if you don’t have a dedicated IT team, it’s worth getting an outside consultant or security professional on board to give basic training sessions for all employees—and then having these sessions become part of employee onboarding protocol.
One of the easiest ways to keep company and customer data secure is by using a virtual private network (VPN). A VPN essentially makes your computer appear as if it’s in a different country, making it harder for hackers to breach or track your connection. Look for a service that doesn’t keep any logs about your activity on its servers, encrypts your internet traffic, and protects against DNS leaks. Other good security measures include installing software updates as soon as they are available and installing an antivirus program to scan downloaded files before opening them. The key here is: don’t assume you won’t get hacked, and then make sure you do everything you can so that if you do get hacked, it won’t be devastating.
Make Security Routine
Even if you don’t know a lot about cybersecurity, you have to talk with IT and others who do. The more you know, and the more they know you’re interested, the more likely they’ll be to work with you to protect your company from malicious activity. Be sure that when new hires are introduced to your firm, everyone involved explains exactly what kind of data is protected, by whom, and how. You don’t want potential or current employees thinking that all of their personal data is unprotected by one set of hands or another.
If you’re a manager, talk with your IT team about how they see vulnerabilities and what they’re doing to prevent them. If you don’t have an IT department, ask around, and again, express that you want everyone to know what everyone else is doing and why. This will help make sure that information security practices are instituted throughout your company. Be aware of employees who use unsafe practices or share their passwords with others, a big violation of any employer’s policy, and report these transgressions to human resources as well as your IT personnel so that problems are not repeated. Most importantly, for both employers and employees alike: Make cybersecurity awareness part of your routine.
Follow Up on Breaches
While some cyber-attacks are too big for individuals to defend against, there are a few proactive steps that could help people and companies secure their data better. This includes doing a complete audit of what kinds of sensitive documents are stored on your system, who has access to them, and how to get rid of them when you no longer need them. A comprehensive inventory will also help you maintain constant vigilance over who is accessing those files (i.e., make sure you log any time an employee accesses a file). That said, by knowing what’s stored on your computer systems and networks, as well as which employees have access to it, you can do everything possible to spot red flags early on and shut down any leaks before they get out of hand.
In order to do so, you must constantly track who has access to which files and when. By doing so, you’ll be able to tell early on if there is a leak happening—and even before it happens if you use software that tracks file movement. Of course, ensuring that sensitive data never leaves your systems isn’t always possible. Sometimes sensitive data needs to go out for delivery or filing purposes, and cyber-attacks like ransomware can encrypt that data without your knowledge until it’s too late.
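The audit described in this section, as an added example that is not part of the original article: a short Python script that checks a file-access log against an inventory of sensitive documents and flags access by people who are not on the list, access to files kept past their deletion date, and access to files missing from the inventory. The inventory layout, log format, user names and paths are all constructed for illustration.

```python
from datetime import date, datetime

# Constructed inventory: sensitive file -> who may access it, and when to delete it.
INVENTORY = {
    "/finance/payroll_q3.xlsx": {"allowed": {"alice", "bob"}, "delete_after": date(2015, 1, 31)},
    "/hr/reviews_2013.docx": {"allowed": {"carol"}, "delete_after": date(2014, 6, 30)},
}

# Constructed access log (assumed format): timestamp, user, action, path.
ACCESS_LOG = """\
2014-09-22T09:14:07 alice READ /finance/payroll_q3.xlsx
2014-09-22T23:51:40 dave READ /finance/payroll_q3.xlsx
2014-09-23T10:02:11 carol READ /hr/reviews_2013.docx
2014-09-23T10:05:30 bob COPY /sales/customer_cards.csv
"""

def parse_log(text):
    """Turn log lines into (timestamp, user, action, path) tuples; skip malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split(maxsplit=3)  # the path is the remainder, so it may contain spaces
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        events.append((ts, parts[1], parts[2], parts[3]))
    return events

def audit(inventory, events):
    """Return (finding, user, path) for every access that deserves a follow-up."""
    findings = []
    for ts, user, _action, path in events:
        entry = inventory.get(path)
        if entry is None:
            # Someone touched a file the audit never catalogued.
            findings.append(("UNINVENTORIED", user, path))
        elif user not in entry["allowed"]:
            findings.append(("UNAUTHORIZED", user, path))
        elif ts.date() > entry["delete_after"]:
            # The file should already have been disposed of.
            findings.append(("PAST_RETENTION", user, path))
    return findings

if __name__ == "__main__":
    for kind, user, path in audit(INVENTORY, parse_log(ACCESS_LOG)):
        print(f"{kind:15} {user:6} {path}")
```

An uninventoried hit is as important as an unauthorized one: it means the inventory is incomplete and the file should be added with an owner and a deletion date.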