One of the biggest pieces of keeping your data secure begins not with complicated technology, but with simple communication. Your first line of defense is drawn by training your employees. That’s why in honor of Cyber Security Month we’re talking about establishing your company’s data policy. What does policy have to do with keeping your business secure? With social engineering continuously on the rise and cyber attackers getting more and more convincing with their email tricks, the more guidelines you can give your employees, the less likely they are to fall victim to a scam.
Have a clear and specific data security policy
Setting standards from the beginning makes out-of-the-ordinary requests much more apparent to your employees. A common scam we see is an email request for a wire transfer, allegedly from a superior. One way to stop this before your assets are gone is to set very specific procedures for requesting money and be consistent in executing those procedures from the top down.
It might be old school, but try creating a form that has to be filled out, or require a password confirmation. If your employees know that every time you request money you will follow this procedure, they are less likely to be susceptible to someone attempting to take advantage of them via email.
This goes for login scams as well. If it is made clear that anything regarding your office IT needs to be handled through the IT department (including email account confirmations), you lower your risk of malware infection or data breach.
Teach email best practices
Sometimes the fakes are really obvious, but other times it’s not so clear. It’s important to take the time to train your employees on what to do when they suspect a fake. Number one: never click on any links or file attachments. These are the typical ways malware can end up on a machine.
If the email appears to be coming from a service you use, such as Microsoft, Apple, or your bank, your best bet is to open a new browser window and check your official account for any notifications. Typically, any notices they send to your email will also be available there. Remember, DO NOT use any links from the email; instead, log in manually. If you are still suspicious, call a customer service rep and they can clear up any other concerns.
If the email appears to be coming from someone you know but just seems a little off, start an entirely new email thread and ask for verification directly from that person using an email address that you know is valid. It may seem excessive, but most people appreciate the dedication to security. It could also expose a breach in one of their accounts.
Set mobile device standards
Whether you’re using a BYOD model or supplying devices for your team, there are ways to protect your data.
If you allow your team to use their personal devices for work, you can set mandatory password standards as well as limit the amount of company information an employee can have access to on that device.
A more secure solution is utilizing an MDM tool. This allows you to control what apps and data are accessible from that device. You can also wipe a device remotely in the event it’s lost or stolen.
Start by showing your team that it’s not just OK to question something, it’s encouraged. When asking questions is part of your company culture, and questioning a request from a superior isn't taboo, employees are more likely to notice a phishing scam. Whether it’s “Microsoft” asking them to confirm their email address or “their boss” requesting a wire transfer, encourage your employees to be skeptical of any request that seems out of the ordinary and then confirm that the requests are legitimate before moving forward. Yes, you might occasionally find them questioning legitimate emails, but it’s better than finding out they wired $80k to a scammer claiming they were you.
Having security in mind when building your business best practices is crucial to keeping your data safe, but so is having an IT partner readily available in case mistakes happen. Contact us for a free consultation!