Human resource professionals realize that hackers will target their company's employee files because the files are loaded with key information (names, addresses and Social Security numbers). Keeping your employees' information safe starts with accepting that your company's IT security is only as strong as its weakest employee's understanding of information security.
To minimize your company's exposure, all employees should be trained on safe cybersecurity practices. Below are a number of key tips for keeping your company's employee-related data safe.
Require employees to use passwords on their computers
Passwords are a quick and simple way to help keep proprietary information private.
Employees should always use strong passwords
Hackers often gain entry via compromised passwords. Require strong passwords that include one uppercase letter, one number, and one symbol, e.g., "Baseball@087" instead of "baseball."
Require passwords to be periodically changed
Employees should be required to change their passwords for company systems every 120 to 180 days.
Use a password management system
The most common passwords are "password," "123456," "12345678," and "1234." Without help, your employees may use easily hackable passwords like these. A good password manager can help eliminate this issue by creating an ultra-strong password for every website an employee visits.
Mandatory cybersecurity awareness training
Many employees don't know what to do when it comes to opening an e-mail attachment. Consider creating a cyber-safety class for all employees to keep them up to date on cyber issues and phishing scams. Require them to sign a form acknowledging that they have received cybersecurity training and that they understand your company's cybersecurity policies.
The U.S. Department of Defense has developed a good training program. It includes a video presentation, a short quiz, and a certificate of completion.
Test your employees with simulated phishing scams
Many employees have fallen victim to a phishing scam. To prevent employees from opening an attachment or e-mail from a hacker, you should educate them on what a "phishing scam" looks like when it arrives in their inbox. Test your employees with simulated phishing scams to increase their awareness before they get hit with a real one.
Block file types that often carry malware
Block executable file types from being received by e-mail or downloaded from the Internet. It is unlikely that your organization will ever need to receive these types of files from the outside world.
When staff members access their e-mail or company files from a mobile or tablet device, it opens up gateways for hackers to reach your company's employee data. IT professionals know they cannot fight this battle alone, so it is imperative for your HR department and staff to know what to look for in this ever-changing landscape.
For more information about this topic, contact senior vice president of Technology Services Brian Johnson via email, or Cindy McSwain using her information below.
Senior Vice President
Cindy McSwain leads AGH’s outsourcing services group. Her team provides payroll, accounting, funds disbursement, controller, and other financial outsourcing services to numerous clients throughout the U.S. Prior to directing the outsourcing group, Cindy served AGH’s audit clients for 10 years, working with a wide range of middle-market, closely held and family-owned clients.
Her current clients cross many industry sectors, including manufacturing, distribution, restaurants, retailers, medical, and not-for-profit. She has participated in numerous SEC filings and public registrations and has experience in mergers and acquisitions. Cindy is a certified public accountant and a member of both the American Institute of Certified Public Accountants and the Kansas Society of Certified Public Accountants.