Every CEO should take the time to ensure that all employees follow rigorous business IT security practices. Every computer and device connected to your company network is a potential point of entry; a single mistake, or a single malicious act, can expose the whole network to a cyber attack. A proactive approach to IT security is the best way to reduce that risk and protect your valuable assets. It begins with a thorough background check on every person you employ, but it must continue from the day they start work and for as long as they hold access.
Firstly, every company should have a business IT policy in place that sets out each employee's responsibilities for upholding IT security and what to do in the event of a cyber attack. Do not assume that employees already practise relatively simple measures such as using strong, unique passwords (and changing them promptly if a compromise is suspected), enabling multi-factor authentication where it is offered, or locking their screens before leaving a computer unattended. Every expectation should be spelled out in a written document and also presented at a workshop. This ensures everyone knows what is expected of them, and regular meetings or emails serve as reminders to remain vigilant.
Employees should know what to look out for, both so that they do not fall victim to phishing scams and so that they can recognise the signs that their computer or device has been compromised. An employee who can tell when something is not right is in the best possible position to alert the business IT department to a problem, and they should be able to do so without fear of blame. The faster the response, the smaller the subsequent losses.
In every company, some individuals are more likely to be targeted than others. Those in senior management positions, with access to more valuable documents and data, are more likely to be singled out for a cyber attack simply because the pickings are richer. Similarly, the IT department itself must be staffed with skilled and trustworthy individuals, because its members hold access to the entire network; even so, that access should be limited to what each role actually needs and should be logged and reviewed, so that no single account or mistake can compromise everything. It is advisable for senior management to meet with the business IT security team regularly to review their own security practices.
Once you feel you have educated your staff to the necessary level, it is important to put them to the test. Many penetration tests do not attempt to break through the technical security controls at all; instead, they try to get into the building and onto computers by going through the employees. The front desk is your company's first line of security, and the people staffing it must be diligent about checking IDs and only admitting visitors who have appointments. Similarly, if a USB stick were left in the car park, would an employee pick it up? And if they did, would they plug it into their computer? Would they give out information to a caller posing as a representative of a company that claims to be affiliated with your business? These are all examples of social engineering techniques regularly used to open the way for a cyber attack, and a test that an employee fails is a training opportunity, not a disciplinary matter.
There are countless ways in which a company can fall victim to a cyber attack. Remember: you are only as strong as your weakest link. Hold regular meetings and run periodic, mandatory IT security training sessions, both as a refresher and as a way to cover new and up-to-date attack techniques. No set of practices is truly impenetrable, but investing time and effort in educating your staff is the surest way to keep your business IT practices resilient.