Your cybersecurity is only as strong as your most blasé or uninformed employee. Find out how to approach the task of informing your staff
It’s a business cliché that staff are a company’s greatest asset and potentially its greatest risk. And while that has always been true in the area of customer relations, it’s now equally applicable to data security.
Employees are the first line of defence against cyber-attack, and also – potentially – an SME’s most glaring vulnerability.
Education is the key, but a balance needs to be struck. Employees need to know the risk their online activities pose and how to manage it, without being rendered unproductive by overly complex procedures. At the very least, staff need to be regularly reminded of the real and present danger of cybercrime.
“Employees are a company’s first line of defence but they also need to be aware of the security threats out there in order to avoid them,” says Richard Walters, vice-president of identity and access management at the cloud service provider Intermedia.
And those threats are constantly evolving. Many SME employees will know of the dangers of opening unsolicited email attachments; far fewer will be aware that both the company printer and their personal mobile phones are potential gateways into the company network.
If you wouldn’t give it away to a stranger don’t make it available online to one
A 2015 report by Intermedia found that 93pc of the “knowledge workers” surveyed admitted to engaging in at least one form of risky data security – from sharing account credentials to installing non-sanctioned applications.