Educating Employees on Cyber Security

Computer security training isn’t just a matter of giving employees information. Knowing best practices is important, but it helps only if employees understand that they make a difference.

Talking about “viruses” which “infect” computers gives the wrong message. It suggests that attacks are just something that happens to computers, like catching a cold. The truth is that user errors make the majority of malware attacks possible, and that employees who think about security can avoid most of them.

Let’s start by going over best practices that encourage the proper mindset and promote secure action.

Email

Email is where users make the most security mistakes. Employees need to recognize three things:

• Anyone can send them a message.
• If they open an attachment, they could be running computer code somebody sent them.
• Some people who send email are nasty types who will use any lie to get them to open nasty attachments.

It’s not a “virus.” The attachment can’t do anything unless they open it. If they report suspicious mail to an administrator instead, their computers will be much safer.

Unsafe links

Clicking on dubious links is another way employees invite attacks. What employees need to recognize here is:

• Browsers have bugs that malicious websites can exploit.
• The nasty types I mentioned before like to make social media posts or blog comments linking to those sites. They use “clickbait” such as claims about breaking news.
• Just accessing those sites can be enough to open the computer to an attack.

In an ideal, bug-free world, users could access any website without risk. However, browsers do have bugs, so employees need to be cautious about what links they follow.

Passwords

Weak passwords are a third big area for user error. Certain passwords are at the top of attackers’ lists for guessing, because they’re the most widely used ones. These include ones like “password” and “123456.” Criminals who guess them can get into their accounts and grab confidential information or manipulate company data. Employees need to know these things:

• Attackers will try to get into any account where they know or can guess the user’s login name.
• Computers can make lots of guesses in a short time.
• Passwords that are long and hard to guess are necessary to thwart these attempts.

Employees who use easily-guessed passwords are effectively leaving the door unlocked. Anyone with malicious intentions will have an easy job of getting into their accounts and doing damage.

Mobile devices

Smartphones and tablets are the newest targets for attack. They’re subject to the same kinds of attacks as desktop devices, but people don’t think about them as carefully. In addition to the other risks, they’re easy to lose. Employees need to recognize:

• A mobile device is a computer, and they need to protect any information on it.
• If it gets into a thief’s hands and the thief can open it, they’ve given away any information it contains.

Encrypting their devices and requiring a strong password to unlock it is the best protection. Even so, employees should minimize the amount of sensitive information they store on them.

For each risk, the language needs to be about attacks and intrusions, not “infections.” Employees are responsible for keeping their devices and accounts safe, and what they do makes a huge difference.

Centerpoint IT is the trusted choice when it comes to staying ahead of the latest information technology and security tips, tricks, and news. Contact us at (404) 781-0200 or send us an email at info@centerpointit.com for more information.