How to Get Your Staff Up to Speed on Data Security

Cyber crooks are counting on your staff to be unsophisticated when it comes to data security. Here’s what you need to do to ensure your employees are properly trained to prevent a data breakin.

Having recently attended a roundtable sponsored by the FTC for small- to meduim-sized businesses on the topic of cyber security, one theme seemed to be constant. Small business owners expressed to the FTC that they do not have the time to train their employees when it comes to cyber and network security. They are simply too busy running their businesses and they do not have the depth of knowledge in the area of IT cyber security.

However, employee training might be the most important security defense business owners can implement. The FBI and others that track data breaches and cyber attacks state that 90% or more of data breaches are the result of employee actions and more than 70% of data breaches happen to companies with 100 or fewer employees. And today, email is the preferred tool cyber criminals use to break into a computer or network.

Cyber criminals use social engineering in order to trick users into opening an email or attachment or click on an embedded link. They know employees are using company computers for personal activites and they exploit that fact. Couple that with the fact that most employees are not well trained in spotting suspect emails, links, attachments and websites, and the result is a high level of successful breaches.

Training employees in cyber security not only raises the level of network security, but could produce a high ROI because data breaks are costly. Cyber criminals continue to refine their deception and therefore employee training should be an important component of network security. This training should not be a single event but rather an on-going process.

Training best practices

So, how does a business owner provide adequate training so employees can be part of the solution? At a minimum, they should do the following:

  • Bring in a company that understands and deals with network security and network operations. They must be able to adequately explain the nature of the threats, how to spot a threat and how to defend against the threat using real-world examples and tools that can be easily implemented in the business.
  • Provide on-going training so network security stays top-of-mind. There are cost effective services an employer can subscribe to, which will provide a constant drip of on-line training materials and keep employees educated regarding current threats.

When it comes to overall threat protection, a business must deploy mutiple layers of defense. Strong and consistent employee training is one of the most important layers.

Steve Giordano is president of TeamLogic ITLearn more about the company by clicking here.

Share
  • Email
  • Next up: How to Not Mess Up a Social Media Policy
  • More in Operations
  • How to Not Mess Up a Social Media Policy

    Why should you have a social media policy in place for your employees? Small companies are prone to falling victim to social media pitfalls such as damaging the company’s brand or even dropping the company straight into a legal quagmire, Fresh Squeezed Mind’s Ted Moss says. Here are six things to consider when crafting your own workplace policy.

    Why should you have a social media policy in place for your employees? Small companies are prone to falling victim to social media pitfalls such as damaging the company’s brand or even dropping the company straight into a legal quagmire, Fresh Squeezed Mind’s Ted Moss says. Here are six things to consider when crafting your own workplace policy.

    The Ground Rules

    You’re going to want your general social media guidelines to hit on a couple of areas, Moss says.

    • How employees are using their own personal accounts.
    • How they are using work-related accounts.

    Focus on whatever your highest priorities happen to be. For instance, you likely will want to define roles. Who is responsible for what, and what, exactly, are these responsibilities?

    “Be clear on what this entails,” Moss stresses. “Who’s approving these posts? What kind of tone are you trying to set? You’re also going to want to make sure whoever is designated to handle social media is aware of potential legal issues.”

    About Those Legal Issues …

    So, what legal issues should you be thinking about? For starters, Moss says you’ll want to ensure you are properly citing the work of others if you’re reposting content. Emphasize also that your employees aren’t playing too fast and loose with the company’s (or customer’s) confidential information.

    Dealing with Trolls

    Moss detailed earlier about how you should respond to social media and Internet criticism of your company. But what about trolls? We’re talking people who are being mean for mean’s sake. There are five ways to deal with these trolls, he suggests:

    • Ferret out if there is any fair criticism and correct any mistakes you might be making.
    • Respond calmly with facts.
    • Respond calmly, perhaps with a humorous touch.
    • Block or ban these social media users if you can.
    • Just plain ignore them.

    Your social media marketing activities should emphasize the more fun side of your business while raising awareness of your brand. Folding the above into your strategy will help you achieve those goals—and keep you out of any social media hot water.

    Aaron Rock is one of the creative minds at Fresh Squeezed Minds, a creative digital marketing agency in Cleveland. Want to get your business featured just like Fresh Squeezed Minds did? Contact our membership team to see how you can promote your business know-how on the COSE site and newsletter that is emailed out to thousands of business professionals each week.

    Share
  • Email
  • Next up: How to Protect Yourself from a Ransomware Attack
  • More in Operations
  • How to Protect Yourself from a Ransomware Attack

    A ransomware attack can be devastating to a small business. This is what you need to know to keep yourself protected.


    Share
  • Email
  • Next up: How to Safely and Gracefully Handle Employee Terminations
  • More in Operations
  • How to Safely and Gracefully Handle Employee Terminations

    Nobody wants to do it, but occasionally terminating employees is part of the job for a small business owner. Use these five tips to help make your next termination situation go as smoothly as possible.

    No one wants to terminate an employee. They may have worked for you for a long time and feel like a member of the family, or they may be new but just didn’t work out. The termination may be due to their performance or other issues such as budgets, or maybe you are cutting back during the pandemic. No matter the reason, it is a stressful situation for both you and for the employee. The reasons for the termination will vary but the act of the termination and how you handle it will go a long way to insuring a safe and easy transition for everyone involved. 

    In my security practice, I have been brought in to assist in many employee terminations including coming in as armed protection for the business. Here are some tips I have garnered during these experiences that may help you in the event you have to terminate an employee:

    Termination Tip No. 1: Remain Respectful
    Respect the employee and remember they are people with feelings. Help them to maintain their dignity. Treat them fairly and respectfully. Constantly assess the person’s emotional status throughout the process. Are there changes? Are there signs? If you detect or anticipate any issues, call in additional help.

    Termination Tip No. 2: Plan Ahead
    If there is due cause for the dismissal, the employee should have received warnings and therefore the dismissal should not come as a surprise. Plan for how you will notify the employee and how you will conduct the termination. Never surprise them. 

    RELATED: How to fire someone and not get sued.

    Termination Tip No. 3: Document, Document, Document 
    Be sure to document all of the events and communications surrounding a termination. This should include (but not be limited to) the dates, times and topics of disciplinary conversations; the warnings given; and examples of performance issues. If it is a budget issue or the pandemic causing you to cut back, tell them. This protects you as well as helps the employee to understand the issues that led to their termination.

    Termination Tip No. 4: Secure the Situation
    Involve your security department or consider bringing in an outside security department if necessary. This step will help in reducing any workplace risk and averting any potential workplace violence or shooting incidences, especially if the employee has a history of violence or has proved to be threatening in any way. Research has proven the first seconds and minutes before law enforcement arrives on scene are the most critical. Remember that the situation may not stop at the front door of the building. The danger can come from what is in the employee’s car or even the car itself can be used as a weapon. 

    RELATED: Read more from Tim Dimoff.

    Termination Tip No. 5: Safety is Key
    Safety is important and needs to take precedence during a termination. Try to have someone watching while an employee while they clean out their desk. If they seem too upset to drive, call a car to drive them home. 

    Nothing can guarantee complete security but taking these steps will help to avert a potential confrontation or even a violent situation.

    President, SACS Consulting & Investigative Services, Speaker, Trainer, Corporate Security ExpertTimothy A. Dimoff, CPP, president of SACS Consulting & Investigative Services, Inc., is a speaker, trainer and author and a leading authority in high-risk workplace and human resource security and crime issues. He is a Certified Protection Professional; a certified legal expert in corporate security procedures and training; a member of the Ohio and International Narcotic Associations; the Ohio and National Societies for Human Resource Managers; and the American Society for Industrial Security. He holds a B.S. in Sociology, with an emphasis in criminology, from Dennison University. Contact him at info@sacsconsulting.com.

     
    Share
  • Email
  • Next up: How to Successfully Manage Teleworking During the Pandemic
  • More in Operations
  • How to Successfully Manage Teleworking During the Pandemic

    Telecommuting is the way of the world right now. Here are nine tips to effectively manage a teleworking policy.

     

    We are nearing the end of 2020 and there is still no end in sight to the pandemic. As a result of this, you may have already had employees working from home. You may still continue this practice or you may decide that you want to utilize teleworkers. While this is a good way to keep everyone safe, it does bring new problems and potential stress with it. 

    For telecommuting to be successful, it requires everyone to be flexible and, as a result, you may need to adapt new business practices. Teleworking can be productive if your company takes the time and proper steps to review and update your existing policies or to craft temporary new ones.  

    Here are nine tips that may help you to successfully manage a teleworking policy:

    Telecommuting tip no. 1: Establish eligibility and create procedures.
    Create a telecommuting policy that defines who is eligible to work remotely, whether it’s companywide or based on job role and performance. Make sure you clearly define which employees are eligible for teleworking, the duration of expected telework project and any specifics such as who provides any equipment, etc. Also define the responsibilities of both the employee and yours as the employer. Make sure you specify that as the employer, you retain the right to make changes at any time.

    Telecommuting tip no. 2: Create an agreement.
    Have employees agree upon and sign a policy that outlines the specific requirements of working from home. This is an important step to help manage communications and expectations.  Include items such as the frequency and method of communication from employees, specific expectations regarding required daily or weekly phone calls or other methods of communications with supervisors, etc., how hours will be recorded, what technology or equipment the employer will provide, what reasonable work expenses are reimbursable for telework needs and contact information for any questions regarding these telework requirements.

    RELATED: Five tips to make working from home work for you.

    Telecommuting tip no. 3: Utilize existing policies to help make it work.
    Your written policy should emphasize that employees must continue to abide by all pre-existing workplace policies while teleworking and that failure to follow the existing policies while teleworking may result in disciplinary action, including possible termination of the telecommuting arrangement. Be sure to enforce the policies equally to everyone to avoid any discrimination issues relating to gender, race, etc.  

    Telecommuting tip no. 4: Set up a trial.
    It might be a good idea to set up a trial period of a few months to see if teleworking fits your business and your employees. This will give you time to see if your employees can adapt to working from home. 

    Telecommuting tip no. 5: Beef up security.
    Teleworking demands excellent cybersecurity. Have your employees install security software, and password protect any devices they will be using to access confidential company data. If remote working is not already a standard practice at your company, it is important to adopt policies dealing with issues such as network security, protection of company confidential information and timekeeping. This should include dealing with practical concerns, such as prohibiting employees from working out of coffee shops and who else has access to any equipment, etc. 

    Telecommuting tip no. 6: Define hours, days and other working issues. 
    It will help everyone if you can keep working hours consistent. Clearly define the times that employees are expected to be working and to be online so co-workers and clients are aware of their availability.

    Telecommuting tip no. 7: Encourage daily updates.
    Regular video chats or status calls will help keep your employees on task, while setting goals and deadlines with colleagues. It will also provide you with peace of mind that your workers are being productive. 

    RELATED: Read more by Tim Dimoff.

    Telecommuting tip no. 8: Evaluate performance.
    It is also important to keep track of teleworking employees’ hours and performance and to make adjustments if you find they’re not abiding by your agreement.

    Telecommuting tip no. 9: Reinforce privacy policies.
    Remind your employees that HIPAA and data protection laws still apply wherever they are working. 

    As an employer, if you develop and support teleworking efforts and review, revise or create applicable policies that ensure your employees are complying with your business’s needs during the crisis, you and your employees will most likely have a successful teleworking experience.

    President, SACS Consulting & Investigative Services, Speaker, Trainer, Corporate Security Expert Timothy A. Dimoff, CPP, president of SACS Consulting & Investigative Services, Inc., is a speaker, trainer and author and a leading authority in high-risk workplace and human resource security and crime issues. He is a Certified Protection Professional; a certified legal expert in corporate security procedures and training; a member of the Ohio and International Narcotic Associations; the Ohio and National Societies for Human Resource Managers; and the American Society for Industrial Security. He holds a B.S. in Sociology, with an emphasis in criminology, from Dennison University. Contact him at info@sacsconsulting.com

     
    Share
  • Email
  • Next up: How Twitter Reacted to the 2016 CIO Symposium
  • More in Operations
  • How Twitter Reacted to the 2016 CIO Symposium

    Roughly 200 IT leaders from across Northeast Ohio gathered last week to discuss the major issues impacting the local tech scene as part of the 2016 CIO Symposium. Topics ranged from talent, to data science, to leadership lessons from a former astronaut.

    Roughly 200 IT leaders from across Northeast Ohio gathered last week to discuss the major issues impacting the local tech scene as part of the 2016 CIO Symposium. Topics ranged from talent, to data science, to leadership lessons from a former astronaut.

    Attendees were quick to go to Twitter (this was a technology conference after all) to give their take on the symposium’s major themes. Below is a sampling of the Twitter reactions from the 2016 CIO Symposium.

     

    Share
  • Email
  • More in Operations