As many businesses continue to expand, a new year often means new employees.
But while hackers employ more sophisticated techniques, it is crucial to remember that you and your team are the first line of defence against cyberattacks.
Human error causes the majority of cyberattacks. It only takes one employee falling victim to a phishing scam or delivery scam to cause a security disaster. Take the steps outlined below to protect your staff from malicious threats:
Pre-arrival induction checklist and onboarding training
Before your new employee begins using their designated computer, you should make sure that all software and anti-virus updates are completed. You should also ensure that your device continues running smoothly by regularly checking for updates manually. Thankfully, Windows usually updates automatically every 17-22 hours.
Most anti-virus packages are valid for one year. As the end of the year approaches, we find ourselves a little burnt out, and anti-virus software renewal can easily fall by the wayside.
Why not schedule your renewal date into the calendar at the point of validation? It takes moments to set up and will serve as a timely reminder during the busy year ahead.
If you use Bring Your Own Device (BYOD), make sure all security applications and confidentiality processes are signed for.
Ensure staff are trained on the importance of this at induction and how they can report concerns or raise a support request if they are not sure how to update notifications on their devices.
Accreditations like Cyber Essentials Plus will help you to reduce risk and potentially help you to win or retain work.
Perform regular back-up checks – onboarding understanding
The most common method of backup is cloud storage. Popular platforms include Dropbox, Google Drive and Microsoft OneDrive.
Alternatively, you can back up your data to an external drive like a USB or hard drive.
We recommend two methods of backup so that you are covered both onsite and offsite.
However, you have to ask yourself: who has access to these and how are they recorded and stored? If this is not an area of expertise in your team, engage a security specialist consultant to advise you.
Importantly, ensure all new staff are trained in using a USB to import or export data, and that they are knowledgeable about which platforms they can upload to and download from.
Uploading 40th birthday party photos to Dropbox raises security alerts in your business. Personal interest will keep staff mindful if business risk messages alone don’t.
Training induction processes for efficient required reporting
Educating new employees on the cost of a data breach is key. You should also encourage employees to report any potential security incidents, like a phishing email or an unauthorised person in your workplace. Tactics like these are known as social engineering, which can often be the biggest hidden security threat. Smart hackers use a combination of IT hacking and social engineering to penetrate businesses.
Building an awareness of the domino effect that occurs within a supply chain educates staff on possible consequences when one person commits a human error. Another crucial element of building a secure team is training employees to be secure both at home and in the workplace.
Critically, you need to comply with the ICO reporting requirements if you become aware of a data breach. Developing a culture of ‘better safe than sorry’ for confident reporting is key.
There can be a lot of don’ts around security, which can be off-putting to new employees. Getting security induction right for the digital era is best done with knowledge and experience. This ensures a positive workplace culture adopts security just as it does Health and Safety.
To arrange a team training session in security education, please contact us today.