Training Staff is The First Line of Defense in IT Security

Wesley Branton
Dec 28, 2018

If you own or manage a business, no matter the size, digital security is an important aspect of business operations. Data breaches and other security incidents can cost companies a tremendous amount of money and seriously damage their relationship with customers or clients.

Having an IT security strategy can make a massive difference and help to mitigate the risk of operating in the digital age, even if your business isn’t active online. An often overlooked segment of these strategies is how your employees work. Your staff is often the first line of defense against data breaches.

Investing time and resources into training your staff on healthy security practices can make an immense difference in protecting your business, since many security threats can be caused by your team.

While staff training should be personalized for your specific business, there are some basic concepts that you should train your staff on. Even if some of the training seems like basic common knowledge, there are a lot of people who may still be breaking the fundamental rules.

Strong passwords are vital when it comes to protecting logins, including email, databases, computer systems and internet connections. Weak passwords make it easy for someone with malicious intent to gain access to things they are not supposed to have access to. Your IT staff should ALWAYS change the default password on new devices, since these are passwords that hackers can easily guess or find online. When staff members create personalized passwords, they should design a password that is at least 12 characters long and contains uppercase letters, lowercase letters, numbers and symbols. The staff should refrain from using words or phrases in their passwords and avoid recycling passwords across multiple accounts. In addition, staff members should not use their password for accounts outside of work or share it with anyone.

It’s about more than just creating a password. It’s also about how the staff members use them. Staff should be required to change their passwords periodically, to make it difficult for someone to guess the password. Passwords shouldn’t be written down, especially at business locations where the password may be visible to the public. This includes storing passwords in a text file on a computer. If someone gains access to your network, it will be easy for them to find passwords that are stored in a digital file.

Don’t fall for phishing emails. A common way for attackers to access information or damage systems is through email and social engineering. Staff should be trained on how to recognize suspicious emails or phishing scams and know how to report them to IT staff for analysis. It’s important that your staff know never to download files or click links from emails, unless they can confirm that the email is legitimate. The same rules apply to SMS text messages.

Train your staff to avoid unsafe websites. If your staff have access to the external internet, it’s important that they don’t connect to unsafe or untrustworthy websites. These sites could be dangerous and make your business network vulnerable to attacks.

At the end of the day, security software should be the last line of defense against threats. Educating employees on secure cybersecurity practices can be a simple way to dramatically reduce vulnerabilities.
