National Cybersecurity Awareness Month: A Year-Long Effort

October is National Cybersecurity Awareness Month – a time that is dedicated to showcasing how to stay safe online by providing insight and best practices on how to protect Personally Identifiable Information (PII), financial and sensitive proprietary data.

The need for proper cybersecurity within the workplace should be a continuous effort throughout the year. With small businesses feeling the brunt of data breach events, many of which are caused by cyberattacks or other security vulnerabilities, a proactive attitude toward cybersecurity risks in the workplace is now more important than ever.

Your employees are ultimately your first line of defense against potential data breaches, and they can make or break your overall business security. However, employees may not realize that protecting business information also means protecting their personal information, too.

Employee Impact on Company Security

Every role in your business can help protect sensitive proprietary information. Many employees may not realize that they do not need to be in an IT or security role to contribute to their company’s overall security. Here are three ways your employees should be educated around how they can positively impact your company’s security.

#1 Business Information is Also Personal Information

The term “Business information” can be used broadly, but it typically includes a mix of personal and proprietary data. While trade secrets, company credit accounts, and new product information may come to mind, it can also include employee PII through W-2 tax forms, or personal financial accounts for payroll purposes.

In short, employees who proactively protect their business’ information are also protecting their own.

#2 Technology Has Its Limitations

We’ve made impressive strides in technological advances, especially related to “smart,” or data-driven technology. But the security measures around corporate technology only works under the caveat that it is used correctly by your employees. Here are two ways fraudsters can gain access to sensitive data by taking advantage of your employees’ human nature:

  • Smart Tech + Human Error = Security Vulnerabilities | Smart technology runs on data, meaning that corporate smartphones, laptop computers, wireless printers and other devices are continuously having data conversations with people, networks and other devices. However, human error has become an increasingly common cause of data breaches through configuration mishaps and business email phishing scams. With more data present and required to use smart technology, more data is ultimately at risk for compromise.
  • Social Media is Part of the Fraud Toolset | Scammers do their homework to gather information for business email phishing attacks. By searching Google and scanning social media profiles, fraudsters have the information they need to impersonate your partners, vendors, as well as your existing human resources and finance departments.

Continuous employee training surrounding your business’ security protocols and best practices is key. Recognizing safe engagement on social networks, and not engaging in “oversharing” will help further protect both proprietary and personal information within your business.

#3 It Only Takes One Time

Data breaches do not typically result from criminals physically hacking into a business’ infrastructure. In fact, many data breaches can be traced back to a single security vulnerability, phishing attempt or instance of accidental exposure.

It’s common sense for your employees to take extra precautions in the workplace or while using dedicated company devices. But, they may not be aware of the risks that can impact the business’ information outside of the office.

Again, having continuous education and security awareness measures in place will help ensure that employees understand that it only takes one malicious link click, one weak password or one unsecured Wi-Fi network to cause a serious breach event.

The Personal-Business Data Overlap: Social Media, Passwords & Wi-Fi

There are many opportunities for personal and business information to overlap in today’s connected world. Your employees may bring their own devices into the office (BYOD), use their personal social media accounts to manage corporate profiles, reuse personal passwords for business applications, or even connect work-issued devices to unsecured Wi-Fi networks.

Most businesses use at least one form of social media, if not more – with over half of them adopting social media platforms within the last year.

But Pew Research found that barely half of employers have social media policies in place.

Additionally, password reuse continues to be a glaring problem related to personal-business data overlap. Plus, employees were more willing to share work passwords than personal ones in 2017.

Even with these risks top-of-mind, many employees will not continue practicing good cybersecurity habits off-the-clock. As such, they may not even realize they’re putting sensitive business information at risk – especially if they use their personal devices for work-related tasks.

Get Every Employee Involved: Show Them, Don’t Tell Them

Cybersecurity awareness is more than just a set of rules that employees follow, but a culture that should be integrated into your workplace. Here are some tips to help you get every employee contributing to your business’ overall security ­– not just IT- and cybersecurity-centric roles:

  • No business is too small to be hacked. Ensure that you are continuously evaluating the risks to your business and have a proper plan in place. If you do not have the resources in-house, consider outsourcing IT/security teams.
  • Technology can only do so much. Your employees may end up being a more significant security risk than your technology.
  • Motivate every employee to protect business data. By protecting business data, employees are protecting their own personal data, too.