Employee Attitudes Fuel Your Data Security Plan
Your company’s employees can support or undermine the foundation of your data security plan. They are the most likely to be targeted and the easiest to leverage into a valuable asset. We are all overwhelmed by security threats, and proactively taking action can be daunting. At home, your employees might not see the need to install anti-virus software, use encryption, or set up a secure Wi-Fi network. At work, these same employees assume the information technology department will just fix it.
The most significant threat to data security is employees because they have too little working knowledge. Empowering your employees to make their online experiences safer will pay dividends for your company’s data security strategy. A change only happens if they learn and retain information. This means daylong training sessions and large manuals do not have the focus to be effective. So, start small with an easy-to-understand concept that carries into their personal lives.
Our advice is to start with passwords. Don’t allow your employees to use the same password, or variations of it, that they use for their personal accounts. Anything containing their name, children, home address, or pets, or anything that is easily learned from social media accounts, should be barred. For mobile devices, require a minimum of six characters and require that automatic locking on inactivity be enabled. For laptops or desktops, use a pass-phrase akin to a complete sentence. The trick is to think of a quote from a movie, a line from a song, or pick random sentences from a book. Every password connecting your employee to the company network should change on a 90-day cycle.
Next, educate your employees on phishing. Hackers increasingly use these emails to get into company servers or as the first step towards a more sophisticated intrusion. A recent trend includes encryption malware that holds data hostage until a ransom is paid. It might seem obvious, but the recent Pentagon data breach was caused by a single employee opening a malware-infected email.
Training your employees on how to recognize and avoid the bait is a simple yet important piece of your overall data security plan.
Here are some tips to share with your employees on how to spot a problem email:
· Validate the sender by verifying the sender’s email address.
· Don’t be fooled by graphics that are often stolen from legitimate websites.
· Be suspicious of all links and attachments. You can check a link by hovering your cursor over it.
· Watch out for threats and warnings, which are a common trick to scare you into quick action.
· Misspelled words and poor grammar often signal a scam or malware.
· Don’t let personal information or details fool you because a motivated hacker will take the time to collect this information.
· When in doubt, make a telephone call to the IT department.
Data security involves the big picture too.
Consider these suggestions and evaluate where your organization stacks up.
Know Your Data. Identify, protect, and limit access to your most secure information, which should include all customer and employee personally identifiable information. Consider compartmentalization by keeping the most sensitive information on separate encrypted servers. Being transparent is important; however, distinguish those who really need access from those who merely want it.
Know Your Plan. A data security plan is just a piece of paper unless you have the right team to update, practice and then implement the plan when a breach occurs. An employee’s title might be important to the chain of command, but the ability to solve problems calmly and quickly under pressure is paramount.
The days of leaving data security solely in the hands of those with technical expertise are over. Take steps now to position yourself and your employees as the front line of your organization’s defense against a data breach.