Creating a Culture of Cyber Security at Work
Businesses and their employees are responsible for a wide range of sensitive information that is often appealing to cyber criminals. Week 2 will provide resources and education on ways for businesses and employees to enhance their cybersecurity practices. Resources such as the DHS Critical Infrastructure Cyber Community (C3) Voluntary Program can provide assistance for businesses to learn how to improve cyber risk management processes.
Workplace Security Risk Calculator
Click this link to calculate your security risk at work:
Train Your Employees
Protecting your company online begins with ensuring your employees are prepared to assist in keeping your computers and networks safe.
The best security technology in the world can't help you unless employees understand their roles and responsibilities in safeguarding sensitive data and protecting company resources. This will involve putting practices and policies in place that promote security and training employees to be able to identify and avoid risks.
Talk to Your Employees About
- Keeping a clean machine: Your company should have clear rules for what employees can install and keep on their work computers. Make sure they understand and abide by these rules. Unknown outside programs can open security vulnerabilities in your network.
- Following good password practices: Making passwords long and strong, with a mix of uppercase and lowercase letters, numbers and symbols, along with changing them routinely and keeping them private are the easiest and most effective steps your employees can take to protect your data.
- When in doubt, throw it out: Employees should know not to open suspicious links in email, tweets, posts, online ads, messages or attachments – even if they know the source. Employees should also be instructed about your company's spam filters and how to use them to prevent unwanted, harmful email.
- Backing up their work: Whether you set your employees' computers to backup automatically or ask that they do it themselves, employees should be instructed on their role in protecting their work.
- Staying watchful and speaking up: Your employees should be encouraged to keep an eye out and say something if they notice strange happenings on their computer.
Training Your Employees
Training employees is a critical element of security. They need to understand the value of protecting customer and colleague information and their role in keeping it safe. They also need a basic grounding in other risks and how to make good judgments online.
Most importantly, they need to know the policies and practices you expect them to follow in the workplace regarding Internet safety.