As students return to school carrying backpacks full of mobile devices, smartphones, tablets and laptops, we tend to be more aware of just how important cybersecurity is. While these devices help students learn and stay in touch with family and friends, we’re all aware that they’re not without risks.
Keeping students safe online is a responsibility that parents and educators take very seriously, but too often we fail to recognize that this mindset should apply for people of all ages — even once we enter the workforce.
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) released a back-to-school Cyber Safety alert that covers everything from rethinking the safety rules of “tech talk” to a toolkit for managing a disaster.
Let’s explore how these tools are applicable to professional businesses.
Having the “tech talk” with your team
Educators who first taught students about using the internet in the 80’s or, as we’ll call them, “legacy-parents,” used to try to track everything young people did online.
Today, we know online safety isn’t about following designated procedures or being completely educated about every risk on the internet. After all, a digital threat such as a phishing scheme can take on many different appearances or occur in different places every time you encounter it.
Instead, security is about training users how they should react to the everyday threats they experience online. In a work environment, that means following best practices, ensuring a protected network and reporting suspicious activity to your IT team or managed service provider.
No target is too small
As part of National Cybersecurity Awareness Month last year, we discussed how cybersecurity is everyone’s business.
A high school or college student might seem like a drop of water in the ocean of hack-able identities, but the truth is no target is too small. So why would your small- or medium-sized business (SMB) be any different?
Contrary to popular opinion, SMBs make great targets for cyber criminals precisely because of their size. With less resources to allocate to IT security, SMBs should prepare themselves like any educational institute and create safe online practices for your “students.” This means hosting regular educational training sessions to equip your employees with the tools and knowledge they need to keep themselves and your business safe online.
From complex passwords to two-factor authentication and security awareness, a well-trained employee is the foundation of cybersecurity.
And remember, as a business owner, this sort of culture of cyber awareness should extend past an annual celebration of security. The department of Homeland Security created a cyber planning guide to help you check your bases.
Practice what you preach
Teaching the importance of cybersecurity is one thing, but like all good educators, sometimes you need to look at your own practices to ensure you’re leading by example.
Besides strong passwords, two-factor authentication and a secure VPN, digital business practices have changed dramatically over the past five years. Chiefly, a business is responsible not only for managing their security but for managing client data responsibly. The rules for handling user data differ depending on whom you’re collecting it from, each with unique standards for use. If your business is gathering such information, make sure you’re up-to-speed on the Federal Trade Commission’s privacy and security management laws.
A basic understanding of data laws not only puts your company on the right track, it helps you and your employees recognize inappropriate use of your own data by other companies and can help pave the way to a more responsible future for everyone.
An annual cyber security seminar is a small investment compared to the benefits you’ll experience by training your workforce. Not unlike students returning to class, treating your team to a workshop on the importance of updating their software regularly, favoring secure websites or identifying compromised emails helps ingrain a culture of security that will carry far beyond the month of August.
Every IT strategy should include ongoing training. If you’d like help educating your team to the risks of the Internet, contact us and we’ll help identify common threats or perform an assessment of your existing IT security infrastructure.
Written by Jim Anderson