Close

Share:

3 Things to Tell Your Employees About Cybersecurity

Author: Kristen Lund Date: March 31, 2014

Small business owners don’t have to be just another data breach statistic.

In the fall of 2013, up to 70 million Target customers’ credit card, debit card and personal information was compromised in a data breach that occurred during the busy holiday shopping season. Small businesses aren’t immune from similar attacks. In 2012, around 40 percent of data breaches occurred at companies with fewer than 1,000 employees, according to Verizon’s 2013 Data Breach Investigations Report.

Carolyn Schrader, CEO of Cyber Security Group in Reno, Nev., specializes in helping small businesses avoid cyber threats. But small business owners can’t protect their data alone. Here, she offers three cyber security tips small business owners can share with their employees.

Look for the warning signs of social engineering.

Social engineering, when a hacker poses as a vendor, government representative or even an employee, is a key way that cons learn about an organization and hack into its network. “Social engineers are often great actors and have very convincing stories of why they want confidential information,” Schrader says. “It is critical that employees understand that they are an important link into a business, regardless of the size of the business or the role of the employee.”

Small business owners should tell employees to watch for these red flags, Schrader says. One example of a common social engineering activity is for a criminal to pose as a representative of another business. Another is when a criminal uses personal information gleaned from social media sites and acts as if he or she is connected to the target employee: making a fabulous special offer, asking for a donation to a favorite charity or sending an email with malware that is activated when the employee opens a PDF or clicks on a link.

For a more thorough education, Schrader recommends employee training sessions, ranging from a few hundred dollars for an hour-long session or several thousand dollars for a customized, full-day course. These sessions can teach employees about the most common forms of social engineering and how they can be on the lookout for these scams. Schrader suggests finding a training provider through your local Chamber of Commerce or, if you outsource your IT work, asking that company for recommendations. 

Protect your smartphone or tablet.

Many businesses allow employees to use their own devices for work purposes, and the proliferation of smartphones and tablets “presents a huge opportunity for hackers to access company data,” Schrader says. Smartphone theft is rampant across the country—in New York City, these crimes account for more than half of all street crime, and stolen phones (along with the sensitive data they contain) are often sold on the black market.

Schrader recommends that small business owners ask employees to use a passcode to access their phone or tablet, and to avoid using their devices on public WiFi networks for activities involving passwords or financial transactions (such as online banking or shopping). These unsecure networks are safe for visiting sites that do not require personal information, but for other activities, stick to 3G or 4G networks, which make it more difficult for hackers to steal passwords, credit card numbers and other confidential information.

Set rules for passwords.

“Strong passwords are the first defense to security,” Schrader says, “just as a key is to a front door.” She recommends that small business owners mandate that employees create a personal formula for their passwords, which should include a minimum of 8 characters: uppercase and lowercase letters, numbers and symbols. The longer and more complex the formula, the harder it is to hack. By using a personal formula, such as the first and last letters of words in a favorite song coupled with a few numbers and symbols, an employee can remember the password and change it quickly if needed.

READ NEXT: 8 Tips to Help Reduce Your Risk of a Data Breach

blog comments powered by Disqus

Subscribe For Free News And Tips

Enter your email to get FREE small business insights. Learn more

POLL RESULTS

Do you use a CRM to manage customer information?

Yes, I use a CRM. - ( 216 votes )

CRM? I use Excel. - ( 115 votes )

Excel? I use paper and pencil! - ( 38 votes )

No, I don't use any CRM system. - ( 145 votes )