Employees need to know what their employers’ philosophy is behind technology. Does my employer want me to use whatever app I choose? Can I just store and share work information where it is most convenient for me? Will my employer listen when I explain how much my cloud app does to improve my workflow? If you as the employer listen, you could save your business from an incident or a serious breach.
It is amazing that the news is filled with data breach, data loss, ransomware, and spear phishing, and yet many businesses still think they are immune from an attack. If you are connected to the Internet, you are a highly susceptible victim. Do not take this to mean that you should not run your business with the highly efficient and collaborative tools that cloud services offer. It just means think and act to protect your enterprise assets and employees.
Let’s first cover where a major number of incidents start. Your enterprise weakness . . . the employee. It doesn’t matter if you have the best employees in the universe, they are human. Hackers perfect the way they attack; that is their job. They have become so good at what they do that good employees send out W-2s, transfer millions to banks in foreign countries, and hand out their logon credentials without question.
Now let’s talk about what you can do to help your employees to not become victims.
- Educate them; make them a part of the process. Communicate. It is everyone’s fight.
- Go ahead and make your most techy employee an honorary go-to person for others with questions.
- Gain visibility with proactive monitoring tools. Trust me–this is not an employee privacy invasion. You need to know what is going on first; then make informed decisions.
- Make sure there is a process in place for an employee who questions something. Make the process part of your Acceptable Use Policy (AUP).
And then the important basics we all know, but are worth repeating . . .
- Back up regularly and make sure your recovery process is tried and true. Think ransomware attack recovery, so keep it where you can get to it but others can’t.
- Patch – There is no longer an option to do updates. Many are for security, so just do it and do it consistently. It’s patch management, not patch whenever.
- Passwords – Maintain, manage, and get creative. Use a password manager if needed.
- Off-boarding – Make sure to purge all credentials for ex-employees or contractors. How do you know if they are still there? Monitor!!
- Layered security – Get a firewall, but don’t expect all-in-one add-ons to be impressive. For example, don’t expect the firewall Web-use reporting feature to provide comprehensive and interactive reporting capability. Invest in the solution that means serious employee Web-use reporting business–no more wishy-washy reports that are useless.
Think and act to protect your enterprise assets and employees. Take some time to communicate with your employees about the exploits that they may fall prey to. It is not their fault; they are not an “insider threat” but a potential victim to very smart thieves.
About Wavecrest Computing
Celebrating 20 years in business, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit https://www.wavecrest.net.