Employees & Small Business Security
Let’s face it: without the proper employee security awareness and training put in place, your employees won’t be able to recognize and address the risks that are actively targeting your business.
Between good password habits, data breaches and business email phishing scams, you have a lot to consider when it comes to your business security. Your employees’ security habits in the office (or lack thereof) can significantly impact your overall business security.
Follow us through Part 1 of our Small Business Security series where we discuss three major security risks to your small business, and how your employees can make or break your business’ security.
Making or Breaking Your Business Security
As a small business owner, protecting your sensitive business, customer and employee information is not always top of mind. But, small businesses are especially unique in terms of security because of their small size.
Small business owners are often led by the misconception that their businesses are not targeted in data breaches. However, smaller businesses mean smaller budgets – which in turn, usually means decreased IT security. Contrary to popular belief, 61 percent of data breach victims in 2016 were businesses with under 1,000 employees. The financial losses from small business data breaches – averaging around $665,000 – are enough to put 60 percent of SMBs out of business within 6 months.
Employee Impact: The Ponemon Institute found that 48 percent of small business data breaches were caused by employee error. Interestingly enough, nearly 30 percent of employees said data breaches were an “average” priority on their list.
Simply put, weak passwords = weak business security. Emphasizing strong passwords is key when it comes to effective employee security awareness training. LastPass found that 61 percent of us are more likely to share work passwords than personal ones. But sometimes it’s necessary for your employees to share passwords at work in emergencies, through team-sharing accounts, or when delegating work to others.
Employee Impact: Unfortunately, 59 percent of small business personnel said they did not have visibility of their employees’ password practices. This is especially concerning because 20 percent of employees are using easily hackable passwords in the office, and 7 percent are using passwords that have been previously compromised in a breach.
Whether it’s to steal business funds, sensitive business, customer or employee data, or to install harmful software onto company devices, phishing emails can impact businesses of all shapes and sizes. Phishing attacks have been on the rise since 2004, significantly increasing 65 percent between 2015 and 2016. Since 2015, more than $3 billion has been lost to business email compromise.
Employee impact: Employee security awareness of phishing attacks is so important because 91 percent of hacking attacks started as phishing emails last year. However, 97 percent of people around the world cannot identify a sophisticated phishing email.
Fail to Plan, Plan to Fail
Every business’ security program will be different simply because every small business is unique. Your business’ security program should appropriately address the information your business handles, and how your employees could potentially impact that information.
The PCI Security Standards Council suggests you consider the following eight areas when creating your own business security program:
Authentication: Are my employees creating strong passwords and using multi-factor authentication or password manager services?
Network Connection: Are my employees using secure Wi-Fi networks and aware of the numerous hacking and IoT vulnerabilities?
Access to Devices: Are my employees using business-approved devices in the office?
Physical Security: Are my employees physically protecting work-issued devices and sensitive business information, especially while travelling?
Data Encryption: Are my employees properly handling encrypted business, customer or employee information?
Back Up: Are my employees regularly backing up data so that it can be recovered if it’s ever lost or stolen?
Software Installation/Patching: Are my employees regularly updating software with the latest security patches?
Basic Security Hygiene: Are my employees considering basic preventative measures they can take – anti-virus programs, firewalls, good email and password habits – to further secure business information?
What should I do?
Get a head start by using the checklist above to see where your current security program may be lacking. Stay tuned for Part 2 next month where we’ll show you ways to make business security in the office more fun for you and your employees.
This article originally appeared in Fighting Identity Crimes.