Los Angeles, Calif.
With the consumerization of IT and bring-your-own-device policies, IT departments are often left at the whim of the average end user. You can set up firewalls, require employees to use a VPN, and patch servers, but you simply can't remove human error from your business security. Here are the top best practices that employees should know.
1. Everyone must use anti-virus software and keep it updated. Make sure you, as the business owner, provide an option for both PC and Mac users. Ideally you have a centrally managed AV system where you can tell who is up to date and who isn't; if you don't centrally manage it, make sure employees know how to check and update the software themselves.
2. Encourage employees to use unique and strong passwords for all their accounts, including company-issued and personal accounts. Frequently, employees follow security protocols for their work accounts but have poor security hygiene for everything else. Third-party services, such as Dropbox and Google Docs, are often set up as personal accounts by employees but end up being used to share or store work information. Have company accounts with these services so that you can manage where your data is; if you don't set a policy, your data will be everywhere.
3. Require that employees add PINs to all phones and tablets that contain any work-related information. If you use a service like O365 (Office 365), then you should force users to have PINs set. People lose their phones – it is a fact of life. If employees lose a device that is not at a minimum PIN-code protected, then their email and other company assets are vulnerable too.
4. Educate employees on social engineering. Social engineering takes advantage of everyday online social interaction to gather the information needed to break into personal or work systems. Advise employees to be wary of any requests for information via email, social sites, and even phone calls.
5. Malicious links can come from everywhere – not just email. Employees need to evaluate the links they click in their email, Facebook, Twitter, and LinkedIn. Never click on a hyperlink where you can't see the URL, and always check the URL before clicking on it. It is very common for fraudsters to use links that look very similar to the real website but with minor misspellings.
6. Encourage your employees to use a password management system like LastPass. This way, they will always use unique and strong passwords, but they don't have to memorize dozens of them.
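The lookalike-link problem from item 5 can also be checked automatically, for example in a mail gateway or a link-checking tool given to employees. The following Python is an added example, not code from the original article or from any of the services it names; the allowlist of "known good" domains is constructed for illustration, and the registrable-domain logic assumes simple two-label domains (no public suffixes such as co.uk).

```python
from urllib.parse import urlparse

# Constructed allowlist of domains the organisation legitimately uses (hypothetical).
KNOWN_DOMAINS = {"example-corp.com", "dropbox.com", "linkedin.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def hostname(url: str) -> str:
    """Extract the lowercase host; tolerate links written without a scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").rstrip(".").lower()


def registrable_domain(host: str) -> str:
    """Approximate the registrable domain as the last two labels (assumption:
    no multi-label public suffixes such as co.uk appear in the allowlist)."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def classify_link(url: str, known=KNOWN_DOMAINS, max_distance: int = 2):
    """Return (verdict, matched_domain) for the host a link really points to."""
    host = hostname(url)
    if not host:
        return "invalid", ""
    for good in known:
        if host == good or host.endswith("." + good):
            return "known", good  # the real site or one of its own subdomains
    for good in known:
        # Known brand used as a leading label of an unrelated domain
        if host.startswith(good + ".") or ("." + good + ".") in host:
            return "lookalike", good
    domain = registrable_domain(host)
    for good in known:
        if 0 < edit_distance(domain, good) <= max_distance:
            return "lookalike", good  # e.g. linkedln.com, dropbox.co, drop-box.com
    return "unknown", domain
```

A verdict of "lookalike" is a reason to block or warn; "unknown" simply means the domain is not on the allowlist and deserves the manual URL check the article recommends.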