Avatar photo

Author Bio ▼

IFSEC Insider, formerly IFSEC Global, is the leading online community and news platform for security and fire safety professionals.
January 17, 2020

Sign up to free email newsletters


The Video Surveillance Report 2022

cyber security

Critical cyber security rules your employees should know

By Daniela McVicker

There’s no denying it. When your systems are compromised, it is often the result of a human error. Hackers know this. In many cases, it isn’t sophisticated hacking techniques that expose vulnerabilities. Instead, it’s the failure of people to follow security procedures.

Of course, people cannot follow the rules that they don’t know. This is why you must have a clear set of cybersecurity rules that every member of your team must know, must understand, and must follow.

Daniela McVicker

Daniela McVicker is an editor at Top Writers Review and a blogger. She is fascinated by technology evolution and is constantly keeping an eye on the market.

Unused software and apps must be removed

Most companies have established policies that require apps, software, and operating systems to be kept up to date. This ensures that the latest security patches are always applied. Unfortunately, many don’t have policies regarding software and apps that are no longer used.

This is problematic because unused apps create vulnerabilities. Even when this software sits dormant, it continues to communicate with external servers. This leaves openings that hackers can exploit. Workers should regularly review devices, and work with IT to remove any software they are no longer using.

Unattended computers must be locked

This is a simple step. Sadly, many employees fail to take it. They justify this with excuses such as, ‘I’m just walking away for a minute.’ or ‘There’s nobody around anyway.’ Remind workers that it only takes a split-second for someone to take advantage of an unattended, unlocked device.

In fact, you should consider taking things a step further. Supply physical locks for laptops and other portable devices.

Misplaced devices should be reported immediately

This is another rule that must be stated in absolutes. There are no exceptions here. Any device that is lost or misplaced must be reported to IT or Information Security immediately. It is imperative that employees are made to understand how important this is.

All too often, employees will delay reporting a missing device. This is usually because they convince themselves that they will be able to find the device if they just look for it ‘a bit longer’, or because they dread admitting that they weren’t as careful with company equipment as they should be. It may be wise to ensure workers that grace will be extended to employees who lose a device, but that grace will not be extended to those who fail to report it immediately.

Use secure file transfer to send private information

It’s a standard operating procedure for people to simply use email to send files and other information back and forth. When that information isn’t sensitive in any way, that’s not a problem. Unfortunately, many workers don’t know when it is okay to send something via email, and when they should use other methods.

All employees should be educated as to what is considered private or confidential information. Then, they should be provided with a secure process for sending that information outside the standard email.

Work-related files and emails should only be accessed on approved devices and networks

Should you allow your employees to use public Wi-Fi to access work-related documents and accounts? What about their home networks? That’s something to think about as many businesses create and expand their policies on remote work.

While different businesses will end up creating different policies, there should be clear guidelines in place. Employees must know when and where they can access work-related documents. Further, they should also know which devices they are allowed to use in order to do so.

Limit work-related information on social media

How much information about their work should you allow employees to add to their social media? The specific rules that you set will depend on the nature of your business. However, you should be aware that social media can sabotage data security. For example, talking about a specific project on social media could be a lead-in for a hacker to target an employee to reveal intellectual secrets. Also, an employee who shares too much personal information could unintentionally give hackers the information they need to create spoofed emails, logins, and accounts.

Phishing awareness training is mandatory

Sebastian Gaines, IT security specialist at All Top Reviews says, “Seasoned IT security staff may know what to look for when it comes to fake emails and phishing attempts. Unfortunately, the average employee will not always know what the red flags are.”

Every worker should attend mandatory training that teaches them what fishing is, how to recognize the signs of it, and what to do when they believe they’ve been targeted. Further, as cybercriminals come up with new ways to exploit the trusting nature of others, employees should also attend periodic refresher courses, and receive updated training based on the latest developments.

Building security rules must be followed

Cybercriminals aren’t limited to your computer systems and networks. They can also gain access via the front door of your offices. All it takes is a door left propped open, or an employee waving somebody through a security door without checking their credentials, and a cybercriminal may have gained access to sensitive information.

It is imperative that only authorized personnel is allowed to enter any part of your buildings where computers, documents, and other sensitive information are located. There must be physical security measures put into place, and is a zero-tolerance policy for subverting those measures.

Documents must be disposed of properly

While many offices are going paperless, not every office has done so. In fact, it’s simply not an option for everybody. If you still have paper documents that contain sensitive information, part of your cybersecurity policy needs to include ensuring that those documents are disposed of properly. When an employee does not dispose of sensitive documents the right way, they don’t simply risk exposure to cybercriminals. You also risk being penalized by auditors or regulators.

Final thoughts

Keeping your customer data, intellectual property, and other sensitive information safe requires a team effort. Every staff member must know what to do as part of their job to ensure that they are not responsible for creating any vulnerabilities. You can help him do this by creating clear policies on cybersecurity.

Related Topics

Notify of
Inline Feedbacks
View all comments