Having a strong employee benefits package can set your company apart from other employers who are recruiting high-quality candidates at a time where job vacancies are high and good prospects are highl...
All organizations face information security risk—whether your employees work remotely or on premise. In order to protect your business from exposure, it’s important that you regularly educate and remind your employees about the ways they can help limit exposure to security threats. Here are three tips you can share with your employees to increase their awareness about cybersecurity.
1. Mobile Device Security—Protect the asset that knows the most about you.
Mobile devices like smartphones, tablets, smartwatches, and others are key enablers for us personally and professionally. In many cases, we use our devices first thing in the morning, throughout the day, and check them before we go to bed at night. These devices may bear witness to where we have been, with whom we’ve communicated, what we’ve thought about, what we’ve seen, and what we’ve decided throughout our day. In addition, they may capture digital artifacts about our health, finances, relationships, mental fitness, and children. In many cases, a mobile device represents a confluence of our most sensitive information in a single source.
Help your employees protect themselves and your organization by offering the following advice—particularly if they use company-issued devices:
Use strong passphrases, passcodes, or touch/face ID
Encrypt your device
Update software/apps regularly
Remove apps you no longer use
Enable proper phone/app security and privacy settings
Disable features and/or location services when not in use
Beware of public or untrusted WiFi networks when accessing private information
Don’t respond to requests via phone (voice/text) for personal data that require immediate action (often scams)
Guard your personal information as you would the money in your
An unlocked or compromised mobile device is a highly coveted find for our enemies. If you or your employees fail to protect your mobile devices, you allow an attacker a single view into all aspects of your life through linked social media accounts, contacts, banking apps, emails, photos, health data, and other information accessible from or stored on the device.
2. Prevent Data Loss
Many business leaders entrust their employees, partners, and contractors with information and data assets that are the lifeblood of their company. Managers are responsible for determining the level and scope of that access based on a person’s role. In turn, each person must protect information and data they have been entrusted with from loss, damage, and unauthorized disclosure.
Share the following security precautions with employees to help prevent data-loss incidents:
Before sharing information, ensure the recipient has a need-to-know and a need-to-use the information or data.
Ensure the recipient is able to protect the information you share with them by using approved communication channels, methods, and processes with authorized vendors, partners, clients, and customers.
Verify you are sharing the correct information with an authorized person through an approved channel; triple check email addresses and fax numbers.
Encrypt sensitive information you send through email, and verify internet connections are encrypted.
Store sensitive information on approved network shares to ensure they are backed up and protected.
Share the minimal amount of information with the fewest possible recipients to accomplish the business task.
Avoid sharing files or reports with sensitive information; engineer processes so clients may access the information through a secure self-serve channel.
Mask sensitive data fields to provide only enough information for verification (e.g., last four of the account number).
Protect the information as if your personal information was included in the data set.
Report security incidents like unauthorized disclosures immediately.
3. Report Cybercrime
Cybercrimes like identity theft, hacking, and wire fraud are, unfortunately, all too common in our current times. Cybercriminals constantly find new ways to take advantage of others. One key aspect of battling the thieves and attackers is reporting the crimes they commit. Do your employees know how and where to report incidents of cybercrime? Make sure they are informed of the different ways and places to report cybercrimes including:
Local law enforcement
Although not all local law enforcement offices have a special team to handle cybercrimes, your local police or sheriff’s department should be able to take a report for you and refer you to other useful resources.
The Internet Crime Complaint Center (IC3)
This resource, a partnership between the FBI and the National White Collar Crime Center, will take your report or complaint and distribute it to the appropriate regulatory agency, based on jurisdiction.
The Federal Trade Commission (FTC)
Although the FTC does not address individual cybercrimes, you may report a cybercrime to the FTC to help them identify patterns and repeat offenders, which they report to the appropriate agencies to aid in prosecutions. You can file a complaint with the FTC here , or, if you were a victim of identity theft specifically, you can call 1-877-IDTHEFT (1-877-438-4338) or visit identitytheft.gov.
Local victim services provider
Most U.S. cities have victim advocates that will help you following a cybercrime. They can provide information about helpful resources and give insight into the reporting process.
Additionally, it’s important that your employees know where they can report incidents internally including IT-related and physical security incidents.
While it may be impossible to completely protect your organization from a cyber-security breach, you can protect your business from the aftermath by having a comprehensive cyber liability insurance policy. We can provide you with a free analysis of your current Cyber Liability Insurance, or if you don’t have one, we can develop a Cyber Liability Insurance policy that is right for you and your company, now and into the future. Click the banner below to get started!
Brett Morgan specializes in alternative risk transfer programs, professional liability, Directors & Officers liability, and employment issues centered on protecting clients’ assets. He has an extensive background in understanding property exposures and a customer’s business processes. Brett has taught various seminars on business interruption, protecting your company while conducting business in foreign countries, and protecting your client’s internal controls from theft.