5 Ways to Educate Employees about Network Security
Teaching workers how to protect your company’s network can bolster your small business defenses.
For all the firewalls, intrusion prevention systems, and anti-virus software you install on your network, it’s impossible to block every security threat to your small business. To a large degree, you need to rely on your employees to help keep your network safe. They’re on the front lines, deciding every day whether or not to download a mysterious email file attachment or to click on a tempting pop-up window. Employees need to be trained not only on why network security is crucial but also on what they can do to help prevent security attacks to the company and possibly to themselves.
The hard part is that this often requires asking employees to change their behavior. They may have to stop writing down their passwords in plain sight, stop downloading new software from the Internet, and start using passwords or stronger passwords on all of their devices, even their own smartphones. The key is to entice users to follow your security policies by showing them how they benefit from tighter network security, even if that means they can’t access Facebook when on the company network.
Here are five ways you can educate your employees about network security:
1. Engage in ongoing security training. Hackers are constantly trying clever new ways to trick even the most sophisticated users into downloading their malware or respond to a hoax email. Helping your users stay ahead of these tricks is critically important to the security of your network. Employees should receive network security training during their initial new hire orientation. But that’s not enough; training should be ongoing. Users need regular reminders, whether it’s to change their network password every few months or tips on recognizing the latest phishing scheme. Some businesses I know send a daily security tip via email to their employees. If you don’t have the in-house resources to provide this kind of ongoing effort, you and your employees can subscribe to The SANS Institute’s Security Awareness Tip of the Day.
2. Make security personal. Network security may seem like an abstract concept to employees who aren’t responsible for your company’s technology efforts. But I bet just about all of your users have home computers and make online purchases using a credit card; you can use that scenario to make your company’s security personal to your employees. Help employees understand that their information, including details about their identity, is better protected if they follow security policies to keep the corporate network locked down. Network security impacts everyone who accesses your network, and they need to understand that.
3. Be accessible to users. Employees need to know who to go to if they experience a network security incident or if they have questions about security, such as a suspicious email or an unusual pop-up window. If you don’t have on-site IT support, make sure everyone knows how to contact support personnel through your provider. It’s equally important that users know what to do—or not to do—while waiting for an answer from your security expert.
4. Tell users what to do. Security training should include information on how employees should respond to a security incident as well as how to avoid one. What should users do if they click on an attachment that turns out to be infected? Do they call your security expert for help or should they take some immediate action with their computer on their own? Employees need to know how to respond, including whether to immediately shut down their browser windows or computers if necessary.
5. Make security easy. Even the most thoroughly trained and well meaning user might be tempted to circumvent your security measures if they’re difficult to follow; so, make it easy for users to follow your policies. For example, configure your applications to automatically prompt users to change their passwords on a regular basis and make sure your anti-virus software updates automatically when it won’t interfere with employees’ workday. Also, don’t fault the user who reports a security breach. You want employees to feel safe so that they come to you with any potential security risk. Consider having an employee award program for rewarding the right behavior.
What network security measures do you currently have in place? Compare your policies against this network security checklist.