Editor’s note: In the article, Dmitry explains basic network security principles and lists practices we at ScienceSoft implement to keep our networks protected. If you decide to roll out the practices described or need an in-depth engagement of security specialists, check the services of our penetration testing company.
According to the Identity Theft Resource Center, just this year there have been more than 650 data breaches, exposing over 22 million records. To keep client and employee records safe, a company must adopt, utilize and continuously improve its safety and privacy practices. If not handled properly, this information can be tapped into by cybercriminals, which could ultimately lead to a larger problem such as financial fraud and identity theft (ID theft).
Unfortunately, there is no foolproof system to avoid a data breach and its consequences; hackers constantly adapt to get around corporate security measures. That said, here are some proactive procedures an employer can implement to best protect their employees online.
Train your staff
A cybersecurity specialist and senior employees can assist in training of new or advancing employees. This practice can be especially helpful when covering topics on the security of private information, client data, and intellectual property.
If you don’t have an in-house cybersecurity expert, you may find the following topics and resources helpful:
#1 Cybersecurity planning.
- FCC Cyber Planner. This tool was designed for small businesses. It allows them to create a customized cybersecurity planning guide around their needs; once complete, it can be easily distributed among employees.
#2 Data breach response.
- FTC Data Breach Response Guide. This guide covers the steps to take after a breach has occurred. Training employees on how to properly act following a breach is essential to a speedy recovery, and therefore should be shared among employees, adopted and utilized.
#3 Cybersecurity is a shared responsibility.
- When it Comes to Cybersecurity We’re All on the Hook. This blog article discusses the importance of overall training, compliance, and enforcement of cybersecurity policy while reinforcing the fact that everybody in an organization is responsible for the privacy and security of others.
Secure your networks
Think of your network security settings as the front door of your home that you never leave unlocked. In the digital workplace, network security is essential. Therefore, it’s worth hiring a trained individual to set up the network, enable security settings, and ensure the network operates correctly from day one.
Enable firewall settings
A firewall filters the traffic going into and out of your network. It’s designed to block potentially harmful content, programs, and viruses before they reach your systems. Anything that is not approved by the firewall rules does not pass through. Firewall rules should be tailored to your company’s needs by a professional network administrator.
Use a virtual private network (VPN)
A virtual private network (VPN) sends your traffic through an encrypted connection, which hides your activity from others on the network you connect through. Using a VPN is especially convenient for remote or off-site employees, as it allows them to access the internet via an encrypted and secured connection. Some companies have secure servers, remote networks, and personalized log-in credentials for their employees. However, any organization can purchase access to a VPN, allowing on-site and off-site employees to start benefiting from a secure and encrypted network connection.
Stay up-to-date
Although it can be a bit of a hassle to continually update software and devices, it is highly recommended. Software updates should be done as soon as possible. If left unaddressed, a security hole or weakness in a device’s operating system or software can be exploited by a hacker. If allowed to infect your computer or business network, malware can be used to steal employee and client data, intellectual property, or even take over control of devices or software remotely.
Strengthen login credentials
It’s advisable to establish a strong password policy throughout the workplace. A strong password includes numbers, symbols, and both upper- and lowercase characters. It is important to make sure you use a different password for each account. On top of strong passwords, multi-factor authentication for logins should be considered. Multi-factor authentication, commonly deployed as two-factor authentication (2FA), provides an additional layer of security by requiring a second factor at login, which lets users see login attempts and deny unauthorized access.
Be careful of attachments & links
Never click on links from an unidentified, untrusted source. One accidental click can lead to unknowingly downloading a questionable file. Just like links, be careful of attachments in emails. Phishing emails often contain fraudulent attachments that, if opened, can lead to a data breach. If the email has spelling errors, a strange greeting such as “Dear customer,” or an urgent message in capitals, it may be a phishing email.
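The warning signs listed above can also be checked mechanically when triaging mail that employees report. The following Python helper is an added example, not ScienceSoft's code: it flags a generic greeting, a message in capitals, links to domains outside an allow-list, and attachments in a raw message. `TRUSTED_DOMAINS`, the function names and the sample message are assumptions made for illustration, and spelling errors are not checked.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example.com"}  # assumption: your organization's own allow-list
GREETING = re.compile(r"^\s*dear\s+(customer|user|client|member)\b", re.I | re.M)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def body_text(msg):
    """Decode and join the non-attachment text parts of a message."""
    parts = [p for p in msg.walk()
             if p.get_content_maintype() == "text" and not p.get_filename()]
    return "\n".join((p.get_payload(decode=True) or b"").decode(
        p.get_content_charset() or "utf-8", "replace") for p in parts)

def mostly_caps(line):
    letters = [c for c in line if c.isalpha()]
    return len(letters) >= 10 and sum(c.isupper() for c in letters) > 0.8 * len(letters)

def phishing_indicators(raw_email):
    """Return the article's warning signs that are present in raw_email."""
    msg = message_from_string(raw_email)
    text = body_text(msg)
    hosts = {urlparse(u).hostname or "" for u in URL.findall(text)}
    checks = {
        "generic greeting": bool(GREETING.search(text)),
        "message in capitals": any(
            mostly_caps(l) for l in [msg.get("Subject", "")] + text.splitlines()),
        "link to untrusted domain": any(
            all(h != d and not h.endswith("." + d) for d in TRUSTED_DOMAINS) for h in hosts),
        "attachment": any(p.get_filename() for p in msg.walk()),
    }
    return [name for name, hit in checks.items() if hit]

# Constructed sample message (not a real email).
SAMPLE = """\
Subject: URGENT: VERIFY YOUR ACCOUNT NOW
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Dear customer,
Your acount will be suspended. Confirm at http://login.payments.invalid/verify
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.zip"

(constructed placeholder body)
--b1--
"""
```

Calling `phishing_indicators(SAMPLE)` reports all four signs; a message with several hits is a candidate for quarantine and review rather than proof of phishing.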
Summary
There are certain measures that can be implemented to reduce the probability that the online security of your employees will be compromised. Ensuring the protection of your networks, providing quality training for your staff, configuring firewall settings correctly, using VPNs, keeping software and devices up-to-date, using complex and reliable passwords, as well as being wary of downloading questionable attachments and following untrusted links – these are several must-dos of high priority. Developing a security strategy customized for your needs and following the steps mentioned may not only help to increase the protection level of your employees online, but will also have a positive impact on the overall information security state inside your company.