Your company needs more than strong security procedures; each employee must function as an “employee firewall” at their workstation. Remember, your employees trust the Internet and social media; this makes the Internet one of the greatest security risks to your business.
The “employee firewall” concept asks each of your associates to be conscious of their online activities and physical location and to act as a protective barrier against unauthorized access to account numbers, user IDs, passwords and tokens. To introduce the “employee firewall” concept, business managers need to focus on teamwork and personal responsibility for everyday security.
Five Security Principles for Your Employees
1. Secure Your Workspace – Secure your mobile devices, computer, laptop, desk and office against unauthorized access.
2. Protect Data – Whether paper or electronic, secure company and client data from access by the wrong people.
3. Be Cyber Smart – Raise awareness of phishing scams and protect sensitive data on social media.
4. Educate Yourself – Learn about security so you can protect yourself, your family and the company.
5. Report Issues – When you encounter a security threat, know what to do and who to engage on it.
Rules for Online Safety:
If You Weren’t Looking For It – Don’t Install It
Only install software or add-ons you need.
Beware of “free” offers. Use software and download apps from legitimate sources only.
Avoid links in e-mail or attachments; they may hide malware.
If You Installed It, Keep It Updated
Maintain the latest version of software on your system.
Update and patch software vulnerability.
Keep virus and intrusion protection updated.
If You No Longer Need It, Remove It
Don’t leave a back door open that you don’t monitor.
If you keep seldom-used programs, update them.
Use Complex Passwords
Strong passwords – 8 to 10 characters long, with letters and numbers.
Avoid using the same passwords for multiple sites.
Never allow your operating system to save your passwords or User IDs.
Internet Safety Standards
Practice safe e-mail – if you do not know where it comes from, DELETE IT.
Fake e-mails contain fake contact information – Don’t call and talk to the crook.
Be suspicious of dropped Internet sessions immediately after entering login credentials – your session might have been hijacked.
Train, Train, Train
The 2014 State of Cybercrime Survey reports employee training and awareness is very effective at deterring and responding to incidents. Yet at most organizations, it is lacking. Those without any security awareness programs have higher losses from cybersecurity incidents.
Was this article helpful? Subscribe to Insights and receive regular notifications about articles and information regarding banking and your business.
2015 AFP Payments Fraud and Control Survey
2015 US State of Cybercrime Survey
2014 US State of Cybercrime Survey
2014 Transforming Cybersecurity Report – Deloitte Services, LP
2015 Internet Security Threat Report – Symantec
2015 Check Point Security Report
Krebs on Security, Issue #20, May 11, 2014
This article is for informational purposes only. We recommend that your business also obtain data security and anti-fraud advice from experts who are familiar with your business’ information security controls. While this document will provide you with suggestions on controls, best practices and risk management, these recommendations cannot replace the services of dedicated data security and anti-fraud experts with an in-depth understanding of your business and operational infrastructure. Consult an accountant, legal counsel, cyber-insurance expert and/or other appropriate business advisor before using this material or deciding how to proceed in any specific situation.