Your Company’s Cybersecurity Begins with Employees

In this climate of record-setting data breaches, it’s far too easy to assume that hackers only go after the “big guys.” While nabbing millions of customers’ records from a major brand-name corporation might be a great payoff for cybercriminals, the reality is smaller businesses are just as likely, if not more likely, to be a target. 


As a general rule, small companies don’t have the budget for building their own IT departments or investing in the latest cybersecurity protocols. Too often, employees in small companies already wear multiple hats, meaning the ability to hire an in-house cybersecurity professional might be out of reach financially. Finally, the limits on technology and shared access in many small businesses can mean that computers and mobile devices might be more vulnerable to attack, and hackers know it.

Fortunately, the government is at work on developing guidelines that can help protectsmall-to-medium-sized businesses, but in the meantime, there is more that companies can do to build up a frontline of defense. Things like investing in affordable antivirus software and establishing standard protocols that will prevent infections are key, but there’s another solution that can reduce your risk exponentially, and it’s practically free.

All too often, employees are the weakest link in the cybersecurity chain. Whether it’s responding to phishing attempts, turning over sensitive information in spearphishing attacks, downloading viruses or malware to the company network, or any other intentional or accidental behavior, getting your employees on board with prevention can do wonders for mitigating the risk of a breach.

Like many other business tools, employee training can run the spectrum of cost from free to Cadillac pricing, and it will be up to each company to decide what level of training they need. However, establishing some guidelines for computer use and employee tech behavior doesn’t cost you anything:

1. Make sure employees understand the risks associated with downloading content, opening attachments in emails, or clicking on links in messages or on the web.

Many forms of ransomware, for example, infiltrate the network by starting out as a link or attachment. Spread the word routinely about the latest threats and make sure the message reaches all employees, regardless of their role.

2. Robust antivirus software can help protect your network in real-time and prevent malicious software from installing, but it can only catch the threats it knew about when it was installed.

Keeping that software up-to-date and making sure your employees install updates as they appear is important.

3. Knowing how to respond in the face of a data breach or other attack is critical, and it should be automatic among all employees.

Moreover, your company’s policy needs to be specific, but not so dire that employees attempt to cover up a tech mistake out of fear of termination.

Sadly, preventing intentional internal data breaches is important, too. Companies should evaluate not just what information they gather and why they need it, but also make a determination about which employees can access sensitive information. If an employee doesn’t need access to certain data to fulfill their job, steps should be in place that prevents access.