Foolproof Employee Security Checklist
SECURITY SNAPSHOT
$87,800 The average total financial impact of a data breach for small-to-medium-sized companies.
$992,000 The average total financial impact of a data breach for enterprises.
46% Careless or uninformed employees contribute to 46% of security events.
35% Businesses who will try to reduce security vulnerabilities by delivering more training to staff.
61% Non-IT, C-level executives who say that data protection is a top IT security issue.
The threat inside your company
Take a look around your company, and you will see one of the biggest IT security threats you face—the people you work with.
Even the most well-intentioned employees who are the biggest advocates for your company risk leaking sensitive data or
inadvertently letting in malware that can wreak havoc on your network and systems.
For companies of all sizes, the threats from within are an ongoing concern and the hardest to predict. With employees using
multiple devices—often in multiple locations—your IT department faces the challenge of monitoring a perimeter that is a
moving target. But there are steps you can take to ensure that you’re protected. By carefully looking at the issue of IT security
from every possible angle, you can strike that important balance between allowing employees the access they need while
ensuring data security.
Top ten tips for employee security
1. Your employees are your first line of defense.
TAKEAWAY:
In any organization, the more your employees know about how to help protect your company, the safer your business will be. Ensure that all employees know and observe company security policies. Post the policies clearly and answer any questions they may have on a regular basis.
2. Employee education sessions are well worth your time.
TAKEAWAY:
80% of cyberincidents start with a human mistake. Reducing that percentage begins with educating employees on the dangers of attacks that specifically target them via social engineering. Phishing, ransomware, and spear phishing are all ways that cybercriminals gain entry to your organization through employees. Data shows that when companies educate their people about cybersecurity, they have a 93% success rate at getting employees to put their new knowledge into practice. Training works, especially when you use varied and creative methods. In-person sessions, coupled with webinars, infographics and videos, all help to get the message across.
3. Educating employees starts right at the top—with your company leaders.
TAKEAWAY:
Most executives understand that cybersecurity is an issue, but many do not understand how big a role they can play. By encouraging a culture of cybersecurity awareness from the top levels of your organization, executives can help ensure not only that employees take it seriously but also that your organization is better protected. Moreover, many boards now recognize that they can often be held legally accountable in the event of a breach and must prove that they exercised due care in protecting customers and assets. When approaching executives about this topic, it’s important not to assume that they understand all of the issues involved in IT security. Filling in the gaps for them will help them to understand the complexities of this topic and to advocate for awareness across your organization.
4. All employees should know how to inform IT about any security incident.
TAKEAWAY:
Walk them through the signs of a breach and who to call. Numbers and contacts should be clearly posted. Many employees may be hesitant to sound the alarm, but their vigilance is a vital protection. They should err on the side of caution and ask the IT department right away if something seems suspicious.
5. Maintain control over user access rights and privileges.
TAKEAWAY:
One of the most important things your IT department can do is maintain control over who has access to certain programs, devices and sensitive information within the company. This involves understanding many different roles and possibly limiting access to certain employees, but it will ensure a much higher level of protection.
6. Record all rights and privileges.
TAKEAWAY:
When you have a security incident, knowing who has access to which part of your organization can save you a lot of time. By recording all user access rights and privileges, you can save your IT department many steps and help mitigate the damage faster.
7. Perform regular scans in order to catch system vulnerabilities and keep your network services up to date.
TAKEAWAY:
Your systems and network are constantly changing. With new employees and regular attrition, there are new devices and programs that need to be checked continually. In addition, users will often need new tools to do their jobs, adding new devices and programs to your network on a regular basis. It’s important to catch vulnerabilities by scheduling regular scans of your entire system.
8. When you detect vulnerable network services and applications, analyze whether you need to institute new policies.
TAKEAWAY:
Scans of your network can reveal some unexpected vulnerabilities. After you perform the scan, it’s important to re-assess whether or not you need to update your policies and procedures in order to stay protected.
9. Update vulnerable components and applications.
TAKEAWAY:
Patches for vulnerable components and applications are continually sent out by vendors in order to address vulnerabilities. Performing these updates is essential and can often be done on a regular weekly schedule.
10. Install a multi-layered security solution.
TAKEAWAY:
Human error will always happen. Implementing a multi-layered solution ensures that threats are assessed from multiple angles and should be an essential component of your overall security plan.
True Cybersecurity for Business
The True Cybersecurity approach combines multi-layered security with cloud-assisted threat intelligence and machine learning to protect against the threats your business faces. True Cybersecurity not only prevents attacks, but also predicts, detects and responds to them quickly, while also ensuring business continuity for your organization.