In this second post of our current series on Cyber Security we’re looking at what happens after you’ve implemented security systems. Having top-of-the-line security systems throughout your company is the start, but making sure your employees know how to use them, and continue to follow the correct procedures, is a very different battle.
Now if you’re still deciding on what levels of security are right for you, and developing an implementation plan, we suggest taking a look at this cyber planner put together by the Federal Communications Commission! It might be a little long, but it has all the information you could need, and gives you a good list of questions you should be asking.
As we stated in Part 1 of this series, “The First Steps to Online Security”, cyber security and safety starts with you. It starts with all the individuals within your company. And it only takes one to cause a serious issue if they ignore cyber security guidelines.
Making sure all members of your team are adequately trained on your security procedures, and that they keep following them, takes the same general approach you would use to establish anything new within your company:
Finding the Right Leader
For a topic as important as cyber security, it’s critical to have someone who is not only excited about the project, but also extremely knowledgeable about cyber security, and all of the measures your company takes to keep itself protected. This individual should also be able to communicate effectively and clearly, be able to work with anyone, and be someone who can really sell how important this is to the business.
It’s also important to make sure that this individual has the full backing of upper management, because, as we all know, if upper management deems it a waste of time, the whole company is going to deem it a waste of time, which can be disastrous.
Make Cyber Security Training Fun
While we love IT and talking about cyber security, we know that for the majority of your team a training meeting on “Cyber Security” is going to sound like the last thing they want to do that day.
It’s important to put in the time and effort to research the best communication methods and ways to engage employees during this training process.
Make sure that you aren’t just using a PowerPoint and reading aloud. Think back to your school days: didn’t that make you want to stop paying attention altogether? Use funny videos, ridiculous scenarios, and have people participate and answer questions. Try to use words like “session” or “huddle” instead of the term meeting, to make it sound less stuffy and structured. Making it fun keeps your employees engaged while increasing the likelihood that they will retain the information and use it every day.
Tip: Come up with a theme for every training session, even if they are monthly, and try not to do the same thing over and over.
Make it Visible
Throughout your training sessions, work with your team to come up with rules and guidelines that are short and to the point, and that spell out what to do in a given situation.
Every month, pick a new situation and email out those rules in a company newsletter. Make them into nice posters and place them around the office. Keeping these ideas and guidelines visible keeps them at the top of everyone’s mind.
While your training should be fun and engaging, this is still a pretty serious aspect of your business, so what you’re teaching does need to be practiced every day. If you notice a team member going out of their way to follow all the security guidelines, for example, updating all of their devices with security updates before being told to, reward them. Whether it be monetarily or just a shout-out at the next meeting, giving your employees that boost makes them more likely to keep up the good work, and will encourage others to do the same!
While most think that their online security is completely taken care of by the software installed on their computer, this isn’t really the case. It’s important to understand that software can only do so much, and the person sitting at the computer truly has the control over keeping their system safe. One click on an unfriendly link in an email, or one bad website visit can seriously harm not only your device but the whole network it’s connected to.
While it’s important to make the preventative training fun, and the steps constantly visible, it’s also important to make your team aware of the potentially dangerous outcomes if they don’t follow the guidelines set out.
This last section wasn’t meant to be as “doomsday” as it sounded, but just a reminder that it’s all fun and games…until someone opens a virus.
And if you have any questions on keeping your devices and network safe, or would like some help structuring your security systems, give us a call. We would love to help!