More than you might think, your employees can help keep your network safe and secure. Think about it: they’re the ones dodging (or not) opportunities to visit potentially threatening sites, clicking on pop-ups, or downloading mysterious attachments. If employees aren’t fully informed of the dangers of their online actions, your network security and, therefore, your business is at high risk. After all, it's impossible to block every security threat that comes your way, even if you employ all the basics, like firewalls, intrusion prevention systems, and anti-virus software. So make sure to keep employees in the loop about what they can do to help prevent malicious attacks and protect your company’s critical data.
Here are five ways you can educate your employees about network security:
1. Engage in ongoing security training. Hackers are constantly trying clever new ways to trick even the most sophisticated users into downloading their malware or respond to a hoax email. Helping your users stay ahead of these tricks is critically important to the security of your network. Employees should receive network security training during their initial new hire orientation. But that's not enough; training should be ongoing. Users need regular reminders, whether it's to change their network password every few months or tips on recognizing the latest phishing scheme.
2. Make security personal. Network security may seem like an abstract concept to employees. But I bet just about all of your users have home computers and make online purchases using a credit card; you can use that scenario to make your company's security personal to your employees. Help employees understand that their information, including details about their identity, is better protected if they follow security policies to keep the corporate network locked down.
3. Be accessible to users. Employees need to know who to go to if they experience a network security incident or if they have questions about security, such as a suspicious email or an unusual pop-up window. If you don't have on-site IT support, make sure everyone knows how to contact support personnel through your provider. It's equally important that users know what to do—or what not to do—while waiting for an answer from your security expert.
4. Tell users what to do. Security training should include information on how employees should respond to a security incident as well as how to avoid one. What should users do if they click on an attachment that turns out to be infected? Do they call your security expert for help or should they take some immediate action with their computer on their own? Employees need to know how to respond, including whether to immediately shut down their browser windows or computers if necessary.
5. Make security easy. Even the most thoroughly trained and well-intentioned user might be tempted to circumvent your security measures if they're difficult to follow; so, make it easy for users to follow your policies. For example, configure your applications to automatically prompt users to change their passwords on a regular basis and make sure your anti-virus software updates automatically when it won't interfere with employees' workday. Also, don't fault the user who reports a security breach. You want employees to feel safe so that they come to you about any potential security risk.