Cybersecurity: how can your employee actively help?
While human capital is one of the most valuable trump cards of any business, at the same time those very same employees may create dangers when it comes to cybersecurity. We go into this in detail and also give tips on how to keep these dangers as low as possible.
To err is still human
Many cyber threats arise as a result of human error - a mistake out of ignorance or carelessness. For you as an employer, it is not easy to exclude these mistakes in advance and act proactively. If something happens, you can usually only react - trying to limit and repair the damage.
Fortunately, you're not completely powerless. You can significantly improve your cyber security by defining the possible risks for your specific situation. In doing so, you need to analyze the internal factors as well as the external factors.
External factors that negatively affect cybersecurity
A common mistake is to think that it's enough to have an IT department within your company that also takes care of security against external threats. No, every employee should be aware of cyber threats that are constantly lurking.
When you have an IT department that is responsible for security measures, it is very often mistakenly thought that this is sufficient. But cybersecurity is an issue of which each individual employee ought to be aware. Many breaches could be avoided with a modicum of common sense and knowledge. First of all, there are threats such as viruses, malware and phishing emails, which can still all too easily be let loose by clicking on a suspicious link. While the IT department may recognise these links easily, that is not necessarily the case for employees from other departments.
However, it does not always have to be an attack. Your employee can be a risk factor simply by being careless. For example, if he misuses the privacy settings of a Google Doc, that document may fall into the hands of third parties. The same applies when he downloads software for testing and fills in sensitive company data.
We are also seeing more and more problems being caused by mobile applications. People tend to see smartphones as secure, and thus employees do not keep to all the security rules. A lost or stolen mobile phone that is not password protected may cause your company a lot of damage.
Problems are associated not only with employees, but also with ex-employees. Companies often do not pay sufficient attention to revoking all of an employee’s accounts (mail, access to business applications, ...) when he or she leaves, so those accounts remain accessible for a considerable time. This could be problematic if the employee who left starts to work for a competitor.
Internal factors to promote your cybersecurity
Your company is not only threatened by external dangers. Even within your company, your cybersecurity must be in order. It's best to set up rules for the use of IT applications, and to make sure they are complied with. Include these rules in the employment contract or an addendum.
But keep it achievable: if those rules are too strict, your employee will find it difficult to follow them. For example, it may seem safe to oblige your employees to set a new password every week - but this weakens security. It's more likely that your employee will write that password down somewhere, on his smartphone or a post-it. He'll even stick it on his own computer!
A BYOD culture (Bring Your Own Device) can also be a source of security problems. The degree of oversight that companies have over these devices is very limited and calls for specific attention in many cases. The devices will often be used for private purposes, which entails yet more risk.
Cybersecurity at your company: keeping your employees up to date
It is clear from the above that your employees play a major role in the cybersecurity of your company. And not just the people in the IT department, but all employees. To limit the problems listed, there are a few steps you can take.
It is essential to have a good IT policy – one that is monitored for compliance and which, above all, is clear and easy to follow for every user. It is also important to refresh the rules in a consistent manner. This can be done through training or a workshop, whether or not it is given by experts or consultants.
In this way, you can ensure that your staff are better informed and more conscious about the security of their devices and data. Over time, this approach will help you save both time and money.