Your employees will always be the weak link in any computer security solution. Unlike your computers, they cannot be programmed to avoid dangerous websites, suspicious content, and risky behaviors, but making these 7 security protocols mandatory is the next best thing.
1: Make Strong Passwords and Update Them Regularly
This should be standard protocol. Teach your employees what makes a strong password, which passwords they should avoid, and why they shouldn’t write down their password anywhere on their desktop or store passwords to accounts unencrypted on their computer.
Make employees change their passwords every 3 months.
2: Email Attachment Control
Email attachments can be a useful way to share files and information, but they are also a good way to spread viruses. Sometimes people will accidentally spread infected files through email, but more commonly viruses and worms will use compromised accounts to spread themselves, posing as the account user. This then becomes a danger to anyone who might mistakenly open these files.
To avoid this, make strict protocols controlling what should and should not be shared via email attachment. First, ban non-work attachments. This will make it easier for employees to know when to expect an email with an attachment and when the attachment is likely fraudulent. Next, implement a file naming protocol. If shared files are all expected to be named a certain way, it also helps employees distinguish legitimate from fraudulent attachments. Finally, consider eliminating email attachments altogether. Use shared network drives, drop-boxes, or cloud-based file-sharing like Google Drive.
3: No Unauthorized Software
There’s no reason why most employees should be installing new software on their computer. Any time an employee decides to download and install software on their own, they could be exposing your system to an additional set of hacker exploits. They may even be downloading a Trojan. Ban unauthorized software altogether.
4: No Stick Drives or Data CDs
Stick drives and data CDs can be useful ways to transfer data, but they are also capable of spreading malware. Employees can also use them to steal sensitive data, or to copy massive amounts of it and then lose it accidentally. They are an unnecessary risk and should be banned. For file sharing, use one of the solutions mentioned above.
Some people will object that in a BYOD workplace, the employees’ personal devices are a much more serious security risk. This is true, and in a BYOD workplace, an employer must institute appropriate BYOD security protocols that balance the benefits and risks of the policy.
5: Log Off, Shut Down, and Lock Up
Employees should be required to log off their workstations when they leave for breaks beyond a certain length. (What is appropriate for your workplace depends on how many employees you have and how well you can keep workstations under surveillance.) Every employee should be required to log off and shut down their computers at night. Also make sure people know to lock their offices when they leave, and set up a protocol for locking the company office at night.
6: If It’s Not Your Job, It’s None of Your Business
Employees can’t compromise information they don’t have. Institute a strict compartmentalization of sensitive data in your company. People should only have access to the information they need to get their job done.
7: Everyone Gets Security Protocol Training Often
Security is every employee’s job, from the newest hire to the founding partners. Everyone should attend security protocol training and appropriate refresher courses. These courses should be carried out at least once a year, as well as every time protocols change. Managers need to be held to the highest standard for security protocol compliance. Not only do they have access to more sensitive information, they also set an example for the employees under them. If your managers aren’t following protocol, neither will the employees under them.
Dr. Matthew Candelaria is a professional writer with more than five years’ experience writing copy in industries such as business technology and computer security. For more information about him and his work, visit WriterMC.com.