Empower Your Team: Employees Play a Critical Role in Protecting Your Company’s Data

This article originally appeared in the May 2017 issue of Smart Business Philadelphia.

Sassan S. Hejazi, Ph.D.Cybersecurity is an ever-present concern for business leaders with valuable data to protect and multiple potential entry points to secure against being infiltrated by hackers, says Sassan Hejazi, Ph.D., Director of the Technology Solutions Group at Kreischer Miller.

“The companies that are most prepared have upgraded their protections on hardware devices and infrastructure, as well as implemented protocols to safeguard their materials,” Hejazi says. “However, even these proactive organizations face vulnerabilities.”

Cybercriminals tend to be quite resourceful and are constantly in search of new ways to wreak havoc on systems and networks everywhere. Your employees need to be aware of this constant threat and should be armed with knowledge and tools to help protect your company against an attack.

“A continuous awareness mechanism that begins at the top and cascades all the way down to new hires is the best solution,” Hejazi says. “Enable employees to not only identify security threats, but also to act as a deterrent towards such threats.”

Smart Business spoke with Hejazi about the tools available to reduce your risk of a cyberattack and the value of continuous employee training.

What steps are most effective in any cybersecurity initiative?

The measures you implement to secure your company need to be built around user awareness and training. Technology changes on an ongoing basis as upgrades are made to both hardware and software and new tools and applications are developed. Educate employees so they know how to respond if they get a questionable email request. Ensure that they understand the risk of transferring data from your company network to a home network, where the employee or family members could inadvertently expose sensitive files to the outside world by visiting unsafe websites.

Keep in mind that even if these files are stored on the same computer the employee uses in the office, that computer is now being accessed through a potentially unsecure network. Also, laptops can be stolen. Take steps to encrypt important information so that even if it does fall into criminal hands, it will be difficult to decode.

It’s wise to implement practices that cover things likes printed files. These documents should not be left on the printer for any length of time, nor should they be left at someone’s desk where the information could also be exposed. Most security breaches occur due to human error. Even if it’s an unintentional lapse, it can still create a significant problem.

How can social engineering play a part in protecting your company?

Many middle-market companies have outsourced their IT duties, often through a help desk function that can be accessed by employees. It’s important that someone be designated as the contact point to address these concerns, even if it’s not a full-time person who is on site every day. You don’t want a cyberattack to occur that could have been prevented had there simply been an IT person in place to field a question.

Online courses are another effective tool to teach employees about smart technology practices. You can subscribe to courses and develop an ongoing curriculum for your employee that addresses updates and changes as they occur.

Another successful strategy is penetration testing. Create a scenario such as a fake phishing email, send it out to a select group of employees and see who responds. It’s always better if an employee “flunks” this test and learns a valuable lesson in the process rather than respond to a real phishing email and expose your network. You can also have a “stranger” walk into your office pretending to be a visitor and evaluate how your team handles the situation. Do they question it or assume that the person is OK and go back to whatever it was they were doing?

Take opportunities to not only protect, but verify that your protection measures are effective. You don’t need top-of-the-line IT protection if your company has limited financial resources. Develop a plan in which systems are updated on a regular basis and training and awareness is an integral part of your safety program. Costs have come down in recent years, so you should be able to find an option that is right for your business.

Sassan S. Hejazi can be reached at shejazi@kmco.com or 215.441.4600.

You may also like: