Cyber security awareness is essential for all businesses – this is especially true for small businesses because they may not have the resources to quickly recover from a cyber attack. Small businesses should ensure all staff know about cyber threats and how to avoid them to help protect their customers, business and data.
Offering cyber security training to employees is a great way to keep them informed. This can mean providing them with free resources on Get Cyber Safe or the Canadian Centre for Cyber Security's (the Cyber Centre) Cyber Security for Small and Medium Organizations training course.
However, if you offer training to your employees, consider adding these key points to the lesson plan.
Securing accounts and devices
Keeping a company's data safe is every employee's responsibility. While not every staff member is responsible for choosing anti-virus software or a cloud service, there are things everyone can do to protect your business.
- Ensure your employees use unique passphrases or complex passwords for each account. Include this requirement in your company's cyber security plan. Be sure to update shared passwords (such as those for the company's social media accounts) when employees with access leave the organization. Learn more about creating strong passphrases.
- Make multi-factor authentication (MFA) mandatory. Ensure employees use MFA on their accounts and work-issued devices. MFA adds an extra layer of security to accounts by requiring more than one form of verification, like a security code or fingerprint. See how MFA keeps you safe.
- Automate updates. Make sure employees understand the importance of regular or automatic updates for operating systems, apps and software. Updates keep devices safe by patching potential security issues. Stay on top of software updates.
Spotting social engineering
Social engineering scams, like phishing, are very common for businesses in Canada. Help your employees learn to spot phishing attempts.
- Get familiar with red flags. Train staff on how to recognize suspicious messages, attachments and links. Remind them that phishing scams are made to look like they're from someone they know. Cyber criminals often impersonate reputable businesses or organizations. They also use phishing to impersonate coworkers, clients or suppliers. Learn about the 7 red flags of phishing.
- Avoid the unknown. Emphasize the importance of not clicking on unknown links or attachments from unfamiliar sources. Employees should confirm the identity of the sender through another source before replying to an unexpected message. Learn more about how to prevent phishing.
Staying connected safely
Network security is crucial for any business. If your company operates remotely, it's even more important that your employees understand how to:
- work remotely responsibly – unsecured Wi-Fi networks are an open vulnerability for attacks
  - ensure remote employees secure their home Wi-Fi by changing the default login information
  - ask them to place the router in a safe location in their home, away from doors and windows
  - suggest making separate networks (guest networks) for smart devices and guests
- connect anywhere securely – remote work brings your business anywhere, not just employees' homes
  - ensure employees use a virtual private network (VPN) to secure their connections when accessing and handling company data
    - VPNs mask your online identity and protect your data when you're using an unsecure network. See how VPNs work.
Conclusion
Providing employees with cyber security training helps protect your business from cyber threats. Cover these key topics and help promote a cyber secure culture. Cyber security is a shared responsibility, and with the help of everyone at your company, you can help keep your business safe online.
For more tips on securing your small business, visit GetCyberSafe.ca/business.