Swiroset.com

What do your employees need to know about computer security?

The number one threat to your information system security is the insider threat. Make sure your employees know how to work safely with computers. Failure to do so is a lack of due diligence on your part.

Here is what employees should know at a minimum:

What type of information does your company process?
What are the basic responsibilities of employees for information security?
What are the components of the organization’s password policy?
What are the best security practices that employees should follow?
What qualifies as a clean work area that supports safety?
What kinds of threats should employees be on guard against?
What are some common attack methods?
What actions should employees take when an attack occurs?
What are the company’s email policies?
What are the company’s web browsing and social media policies?

Your employees need to be aware of how raw data is processed to create insights and how your business uses it to make important decisions and profit.

Get it wrong and the company loses.

People who work for you and third parties who come into contact with your system should be viewed as potential threats. This is why an information security plan must be in place and everyone must be aware of it. Anything less is the equivalent of being caught with your proverbial “pants around your ankles.”

Each employee is responsible for computer security and for safeguarding the organization’s digital assets. People who collect and process company data must be aware of all their responsibilities. Those who work for you must be conscientious and responsible.

Every person working in your organization needs to be security conscious and know what to do in the event of an attempted or actual attack. Anything less and your people will fail.

Everyone should know how to maintain a secure workspace, where sensitive papers are kept out of sight. Workers must know how to lock their keyboards to prevent bystanders from viewing screens and accessing terminals.

Everyone in the company needs to know how to create and maintain strong passwords or use multi-factor authentication. Passwords should be complex and changed regularly. An organization-wide digital security program should be maintained and periodically evaluated.

Security-related policies must conform to best business and industry practices. They should be part of each employee’s security awareness training. For example, the people who work for you should know that off-site storage media must be properly scanned before being introduced into your information system.

Your people need to be aware of common attack methods used by cybercriminals and others. A seemingly innocent request for information over the phone could be the start of a social engineering attack designed to obtain crucial information to get into the company’s system.

Email use should be covered by the organization’s policies for protecting confidential information. Once again, having policies should be part of an organization’s due diligence effort to keep cybercriminals at bay and out of its system. Your workers must know how to handle the various situations that arise. Simply clicking on a malicious link could compromise your entire system.

Using social media platforms and surfing the Internet could open up multiple avenues for malicious users to get into your system. Your employees need to know what is considered acceptable practice when it comes to using Internet resources. Your company could be held liable, for example, if an employee wrote something derogatory about an ethnic group, or if its assets were used for illegal purposes without its knowledge.

Maintaining the confidentiality, integrity, and availability of your company’s mission-critical information requires that those who work for your company have the tools to do so. Having a formal information security plan is a basic necessity. You are in real trouble and you have already lost the battle against cybercriminals if you don’t have a plan. And if you have a plan and your employees don’t know about it, the same is true.

You need to start treating IT security as a business process.
