In 2014, 60% of SMEs experienced a cyber-breach, with the average cost of the worst breaches being £65,000 to £115,000(1). With the increased convenience of the internet comes an increased exposure to hackers and cyber vulnerabilities. As cyber security becomes a growing problem that costs SMEs more money each year, you need planning and implementation in place to protect yourself against these risks. As a first line of defence, your employees should know how to protect your business and the risks it is potentially exposed to. Education and awareness are key to ensuring your employees are prepared to help you keep your business safe.
Talking to your employees
This may not be at the top of the list of items employees want to hear about, but knowing is half the battle. Talking to them about the items below will help to ensure they can safeguard sensitive data and company resources.
- Keeping a clean machine – You should have clear, set rules about what employees can install and keep on their work computers. This covers documents and programs, but also external drives such as USB sticks, which could bring in vulnerabilities from their own personal computers. Make sure they understand and abide by these rules.
- Follow good password practices – Creating secure passwords is the easiest and most effective way to defend your business. Passwords should be long and strong, with a mix of numbers, upper and lowercase letters and symbols, and changed routinely. You can set some systems to remind users to update their password every 3 months to ensure all staff do this.
- When in doubt, don’t open it – Make it common knowledge that suspicious emails and links shouldn’t be opened, even if you know the source. Ideally your work computers will also have security filters installed to scan incoming and outgoing emails.
- Be on alert and communicate – Tell employees to keep an eye out for suspicious activity, which can happen at any time, and to speak up if they think they have seen something so that it can be investigated.
Educating and training your employees
After making your employees aware of the basics of cyber security, you may want to take further steps and invest in training. This could take the form of an internal refresher course every six months to a year, mandatory for all staff, that reminds them of the standard practices and how their role fits into the bigger cyber security plan. Showing them case studies of real-life cyber breaches can demonstrate just how easily breaches happen at every point of the business. If you have a bit more budget, or you want to protect your business to the utmost, consider sending your staff to external workshops where they can be trained by a specialist in this area and gain as much knowledge as possible. It may seem like a cost, but think of it as an investment: these are the people who will be helping to protect your business and its data.
Implementing this into your culture
The culture of your work environment should encourage each person to take responsibility for their own computer security and everyone else’s, supported by an up-to-date IT policy. Creating and implementing a cyber-security guideline helps with this; it should cover best practices, the process for leavers and contingency plans in the event of a cyber-attack. It doesn’t have to be complicated; it could be anything from a few pages to tens of pages. All of this helps to ingrain these practices into the everyday culture so that everyone is fully engaged and involved.