You already route your network through a secure colocation data center. You’ve installed the latest antivirus software on your computers, and you’ve purchased your Internet service from a reliable provider. However, even though you’ve laid the groundwork for a secure business network, it still faces hacker and virus threats because of employee error.
Your employees don’t mean to endanger your company. They probably have the same web-surfing habits at work that they do at home. They visit the same kinds of websites and click on the same alluring links. However, their habits have put other employees’ and customers’ sensitive information at risk. That security risk could disrupt your business’s finances and productivity as well.
To mitigate security risks, give your employees the following rules.
1. Create unbreakable passwords.
The unbreakable password has many complicated characters and changes constantly. As your employees create passwords for their work computers, work email accounts, employee portals, and more, instruct them to use passwords that meet the following criteria:
- They must contain both upper- and lower-case letters. The more variables hackers have to guess, the less likely they will crack the password. Upper- and lower-case letters alone make hackers guess more than 52 variables for each digit.
- They must contain numbers. Numbers add 10 more variables to each digit.
- They much contain symbols. The QWERTY keyboard contains over 30 symbols, adding that many more variables to your employees’ passwords.
- They must have over eight characters.
When your employees create their passwords with these guidelines, hackers have to guess between 90 different variables for at least 8 digits, leading to more than 750 variables overall with millions and millions of different character combinations. Only a dedicated hacker could crack even one of those passwords.
Additionally, make your employees change their passwords at least once a month. The change mitigates the risk of a hacker or computer program invading your network even if it does figure out one password.
2. Back up all work on a secure server, not just a personal computer.
A virus may only infect one computer at a time. When that happens, the virus could destroy data on that single computer. The loss of even a small portion of your company’s data could ruin overall productivity, so have all your employees save their work on a secure server, not just their computer’s hard drive.
3. Don’t install programs without permission.
Employees might not know how to spot disreputable downloads. Tell them that they may not download any programs or files without permission from their supervisors. And supervisors should have a list of acceptable downloads. Not only do downloads represent a security risk, but they could clog your business’s bandwidth and reduce productivity.
As an additional security measure, install administrative passwords on every computer so that employees can’t download anything or change the computer’s network settings without help from IT or a supervisor.
4. Don’t disable antivirus, spam, or other filters.
Employees must leave these filters and programs running at all times, even when they restrict them from playing a video or audio clip. These filters may also restrict them from visiting their favorite websites. But no matter what, the filters must remain.
Again, place an administrative password on these filters and programs if you think your employees might disable them despite your rules.
5. Don’t follow suspicious links in emails, even if they know the sender.
Most employees should recognize when they receive a spam email. They’ll know not to click any links, and they’ll throw the email away. However, some employees don’t have the experience to recognize spam. Tell them that their emails must meet the following requirements before they follow attached links:
- They must come from people they know and have received email from before.
- They must align with an email subject that person would send them.
- They must not have any odd spellings, characters, or pictures.
- They must pass your company’s antivirus test.
- They must be expected. If the employee did not expect an email from the sender, they should contact that person for confirmation.
Some email providers find and sort spam automatically. Others even scan attachments before allowing users to download them. However, even if your company’s email doesn’t have these features, you can still use antivirus software to do the same thing.
6. Don’t use Internet for personal purposes except on breaks, and only visit reputable news and social media sites.
Employees shouldn’t spend much, if any, time surfing the web at work anyway. You pay them to create products and do tasks. However, employees have the freedom to browse social media, news, and informational websites on their breaks, and they may accidentally follow links that lead to viruses and spam.
Train employees on how to recognize these dangerous links, and give them a list of safe websites they may freely visit on their breaks.
7. Don’t use mobile devices on the company’s network.
Mobile devices usually have fewer security features than computers. Tell your employees to use data, or set up a guest network that doesn’t intersect with your primary one.
After you implement these rules, instruct employees to report any suspicious Internet activity. For more security tips specific to your business, contact your colocation facility or network provider.