In part 1 of this series, I talked about how managers should work with the IT team to set up strong anti-virus solutions for your offices. And in my recent post about hacker-proofing your businesses, I outlined how employees play critical roles in information security.
But here’s an important point, and something that – once again – managers must be responsible for:
Employees must be taught how to defend the business against hackers.
Cultivating a Security-Minded Culture
Information security starts at the top. For any security solution to succeed, it needs to have the support of those in leadership positions.
First, gather your management team and your IT staff and create an information security governance plan. Write detailed policies and procedures that not only keep the environment clean and operational, but also serve as a point of reference should employees have questions. This will also help hold staff accountable.
Second, empower your management team to create training programs for employees. An organization that teaches its staff what they can do to prevent a compromise will be less susceptible to hackers and loss of data.
Information Security Training Basics
Your IT team should not be the only group focused on protecting your company’s data. Managers should learn and then teach the following basic protocols:
- Do not access personal email within a production environment
- Do not open email attachments from unknown or untrusted senders
- Avoid installing unauthorized software in the production environment. If in doubt, talk to management and/or IT personnel
- Be suspicious of others asking for sensitive information
For more detailed information on these topics, read our Hacker-Proofing series: Dangerous Applications and Content, and Social Engineering.
Open Up the Lines of Communication
Make sure your managers have open lines of communication with IT and with employees.
According to a Verizon study of data breaches, more than 80% of breaches happened because Wi-Fi systems were not protected with passwords. This may seem like the most basic thing your IT team can do to protect your network – and your management team probably feels the same. Encourage your managers to question things when it comes to your information security! It’s better to be safe than sorry.
Other things managers may want to get a handle on:
- Data encryption. Is sensitive employee and client data — such as social security numbers and credit card accounts — encrypted?
- Physical security. Are the offices protected by security alarms or motion detectors? Is hardware locked down?
- Data storage. How much customer data is your business actually storing? How often is it purged?
What to Do When You’ve Been Hacked
If you think your company data has been compromised, or your system has a virus or malware, contact your IT team immediately.
Part 3 of this series will go into detail about an incident response plan.