Blogs

Computer Learning Month 2019 – Part 1: Small Business Security Awareness Training

Let’s kick off Computer Learning Month by debunking a common myth of the business world. Many business owners think that hackers only target companies with the largest payoff, like banks and major financial organizations. In fact, this is about as far from the truth as it could be: hackers go after small businesses because they’re often considered easy targets. Many small businesses do not invest in security training or programs, simply because they think they don’t need them.

Let’s set the record straight: any business is a potential target for a hacker, especially if that business leaves itself unprotected.

One of the best ways to protect your organization is by committing to company-wide Security Awareness Training. Whether you’re self-employed, the leader of a small team, or the head of a company with hundreds of employees, your business can benefit from simple security education.

What is Security Awareness Training, and why does my business need it?

Information is today’s hottest commodity. No matter what industry you’re in, your business needs to handle things like bank information, credit card numbers, client contacts, and more. Believe it or not, 95% of data breaches, ransomware, and compromised data are the result of human error. In other words, even the most streamlined and bulletproof of security systems can suffer a data breach if one person clicks on an infected link, downloads a suspicious file, or accidentally shares their login info.

Every business can benefit from Security Awareness Training. While antivirus/antimalware, security subscriptions, and encryption software all add layers of defense, employee education is the best way to protect your company from outside threats. From CEO spoofing to phishing scams to ransomware and more, knowing what you’re up against makes you all the more likely to recognize and react to breach attempts in the future.

How do I build a Security Awareness Training program?

Luckily, Security Awareness Training is easy to roll out. The extent of training your employees require will depend on your business’s needs. For example, employees in a small e-commerce company wouldn’t benefit as much from a refresher on HIPAA rules as someone working for a law firm or medical company.

The best way to get started is with an audit. Use these questions to take a look at your current security procedures and make note of any places where you could improve.

  • If you store client information, is that info properly protected and backed up?
  • Do you have a procedure in place for making, accepting, or approving online payments?
  • Do your employees know the difference between a phishing scam and a regular email?
  • Are your employees familiar with security best practices? (Do they know not to click on questionable links, download suspicious files, or use the same password for multiple accounts?)

When you’ve identified areas of improvement, here are a few ways you could plan your Security Awareness Training:

Level One: Staff Meeting

Host a simple staff meeting to go over the basics of security awareness. Start by screening our eighteen-minute Cybersecurity Basics video, and make time for questions and concerns at the end. Make sure everyone in the company is on the same page about logins, password protection, critical updates for security software, and more.

It’s also a good idea to establish a verification process that directly combats phishing scams. If a hacker tried to imitate a company email address, what steps could your employees take to identify the scam? Alternatively, what steps can they take to verify a legitimate request?

Level Two: Call in the Cavalry

For larger companies, it may be a better use of time to call in an outside expert. A representative from your managed service provider can host a webinar or on-site meeting to go over the basics of security awareness. (Here’s a hint: GTS is proud to offer onsite or virtual security training for any number of employees. Just give us a call!)

Level Three: High-Level Security for Sensitive Information

If you work for or run a company that needs to be compliant with HIPAA regulations, your team needs to be aware of more advanced security concerns. Things like access levels for employee devices, password management portals, backup systems, and encryption services are internal concerns for your IT department or managed service provider, but your employees should still be familiar with what these services do, why they’re in place, and how to best use them.

At the end of the day, your business’s security is critical to its day-to-day success. This Computer Learning Month, commit to employee education – the next layer of defense for your company’s information! At GTS, we offer remote monitoring and management services that keep your business’s security running smoothly, 24/7/365. We’re also happy to create and administer structured security awareness training for your employees, no matter the size of your company.

If you’re not sure how to get started, call us at (904) 606-6011 to schedule a free, onsite 15-point technology check. We’ll take a closer look at your equipment, security programs, access systems, and more to ensure your security is the best that it can be. If we identify areas for improvement, we’ll help you identify the best ways to improve your security without breaking the bank. Happy learning!

Author

Paul May