Training your Employees for Cyber Security

June 20, 2023 | Digital Marketing

The vast majority of hacking that happens at companies doesn’t happen because hackers are geniuses. It happens because employees are not trained well enough.

Having some sort of cyber security training in place is essential for every business. This includes everyone from the cashier to the CEO. Here are some general ideas that you need to cover in order to successfully train your employees for cyber security.

Basic cyber security

Before we get too far into it, make sure that your employees are following basic and sensible cyber security tactics:

  1. They have antivirus software on their machines.
  2. This antivirus software is set up for automatic updates to get the latest malware defenses.
  3. The firewall on every device should be turned on.
  4. Links within emails should be highly scrutinized.
  5. Unknown USB flash drives should never be plugged into the machine.

These are the absolute most basic cyber security practices that everyone in your company must be aware of.

Proper authentication

The first step in proper authentication is making sure that your employees use complex passwords, and making sure that they do not tell these passwords to anyone. And I mean anyone: if a manager doesn’t need it, they don’t get it. The exchange of passwords between managers who don’t actually need them is a security vulnerability.

Theft

Passwords need to be used on all company computers, laptops, smartphones, and other mobile devices. This will help your company if any of these devices are physically stolen.

If your employee has multiple apps that they use, they need a complex password for each one. Given that most companies use a wide variety of devices, and you will need a lot of complex passwords, it is best to use a password management tool. These tools can be used across all of your devices, and will use a variety of passwords.

Two factor authentication

Employee email accounts and other filesharing tools, where company secrets are frequently stored, should use something that includes two factor authentication. Everything from cloud services to Gmail offers two factor authentication. It is your secondary line of defense if the password is stolen.

Secure network connections

All too often employees use networks which they just believe are magically secure. The biggest culprit for this is Bluetooth which is pretty easy to hack. Here is what your employees need to consider:

  1. Free public Wi-Fi is probably the most dangerous network connection in the world. If you absolutely have to use it, make sure that you connect to a VPN with a simple client first. VPNs will encrypt your employee’s connection, protecting your company data.
  2. If the employee has the option of a wired connection, over wireless, they should use the wired connection. This is true for keyboards, mice, and other devices which connect to your computer.
  3. You must use WPA2 encryption on all of the networks which you control. This is the highest level of encryption available. You set it up at the router; your IT team had better know how to do this.
  4. The wireless connection that you get from your mobile telecom provider is usually the most secure wireless connection available. Considering the fact that it is so expensive you may want to use it only for your most highly valuable employees.

Your employees may feel that there is no difference between one network and the next. You need to teach them the difference between a public Wi-Fi with no VPN, and your WPA2-encrypted network at your office.

Device access

If the computer is used for work, it should only be used for work. Allowing someone else to access a computer is an enormous security risk. How do you know if this person has had the proper training? You don’t. So all of the work you put into training your employees goes to waste.

If your employees simply must allow other people to access their computer, such as their spouse or children, make sure they set up a separate account on their operating system. This will make it so that if they do download anything malicious by mistake it will not impact the other account where your company data is stored.

Physical security of devices

Mobile devices, such as smartphones and laptops, are not stolen just for their physical value. They are also stolen, particularly from employees, because the data on these devices is more valuable.

Here is some common sense advice for the physical security of your data:

  1. Cars are highly targeted. No devices should be left inside of the car when no one is inside.
  2. Devices should never be left unattended in public places. This includes conferences, coffee shops, airports, or public transportation.
  3. Mobile devices should be kept with the owner the whole time. When the owner of the mobile device is not using the device it should be kept locked in an office or storage.

The physical security of devices is an important aspect of cyber security and digital data security. All too often device theft is blamed on junkies or homeless people. This is often not the case; amateur hackers can be to blame as they seek to steal the data on the device.

Encrypting your data

Let’s say that you do absolutely fantastic with your passwords, and with the physical security of your devices. They can still get stolen. This is when proper data encryption can save you. Protect your most important data by encrypting it:

  1. Most computers and laptops have the option of doing whole drive encryption. You simply need to learn how to do this for Mac or for PC.
  2. You must choose a cloud provider that encrypts the data on their servers. How much can you trust your cloud provider though? Who knows. It may be best if you encrypt the data even before you send it to the cloud provider.

Data encryption is something that your employees will not usually deal with personally. It is likely something that’ll be set up by your IT team, but they need to be aware of the fact that it is important to use.

Backing up your data

If a device is lost or stolen, you do not have to lose all of the data on it. Properly backing up your data will make it so that you do not lose anything. This is usually done through a cloud provider. You can also have your own servers to store it on.

Another reason that it is important to backup your data is because if a device is stolen you can use apps to wipe all of the data. These apps differ depending on the device, but here are some popular choices:

  1. Find My iPhone
  2. Mobile Security from T-Mobile
  3. Lost Android

These three apps allow you to log in from a computer and remotely wipe your devices.

Software updates and patches

This can be a double-edged sword. You want to be sure that your employees are updating their software. But you also want to be sure they are downloading the correct patches from authorized places. There are all kinds of ways that they can be duped into downloading an update which is not a real update from the manufacturer. This is a common phishing tactic.

The best thing that you can do is to ask your employees to set up automatic installation of updates. If they are sent notifications for updates that do not install automatically they should contact the IT team to make sure that it is not malicious.

Cyber security is an important investment for your company

Cyber security is no longer just a nice idea. It is a serious problem which damages the reputations of companies on a regular basis. If you do not want your company to have its image damaged you need to start with your employees. Invest in them, invest in their training, and you will be investing in the long-term success of your company.
