Is Your Staff a Threat to Your Network Security?

December 23, 2015
Featured image for “Is Your Staff a Threat to Your Network Security?”

Network intrusions, identity theft, hacking and malware are all serious cyber crimes any business must be aware of. You’re smart, you’re prepared. You’ve meticulously planned to keep your internal network safe from external intruders. But your threats may already be in the office, on your payroll.  Your employees may not be as well versed in the ways of cyber attackers and can unknowingly let them in through their workstations. The folks at give us 4 tips to educate our staff so we can get back to focusing on the external threats.

Management oversight

While many business owners may have excellent experience and business acumen, they lack technical knowledge. The IT field and the Internet of Things (IoT) are complex worlds that each have unique subcultures and distinct jargon. Therefore, business owners need to either be trained in IT or consult with an IT savvy individual, who will be able to educate and clarify information. Otherwise, the business owner may make uninformed business decisions that could have disastrous effects, such as failing to add servers for more storage space or upgrading the network security software programs. Well-informed business owners will be able to make strategic business decisions and protect the interests of their company from different cyber attacks.

Employee training on internet scams

Besides the business owner and c suite, employees need the bulk of data and IT security training. However, employee training goes beyond explaining how to discover network devices or troubleshoot the printer. Employee training should focus on instilling a sense of vigilant awareness about potential security threats. For example, employees should be made aware of the warning signs of typical internet scams, such as fraudulent business, auction, investment and credit card cons. To illustrate, many online criminals send massive amounts of phishing emails that try to entice the receiver to click on a link, enter a website or open an infected file. The catch is that these emails appear official and credible, so unsuspecting victims may receive trustworthy looking emails from their bank that alerts them to fraudulent account activity. The email will instruct the individual to enter their personal or financial information in order to rectify the problem.

New employee training

Many companies lack resources or time when hiring in new employees, and therefore quickly acclimate new hires through simply having them start their job on the first day. However, all new employees should receive standardized IT security training that explains the proper processes and expectations. For example, new employees should be trained on the importance of protecting confidential client and business information. This is because many criminals use social engineering techniques to gain secret information. For instance, this may appear in the form of a potential customer casually discussing seemingly harmless topics in order to acquire sensitive information. Therefore, new employees should be trained to protect data in their communications and physically protect business data through logging off, locking doors and setting alarms.

Helpful tips from the FCC

According to the Federal Communications Commission (FCC), every company should have a cyber-security plan and strategy that include the following items: First, they should use the latest security programs and firewall systems. Second, because mobile device security is becoming more important, businesses should encrypt their mobile data and install security apps on their business phone. Third, businesses should also secure their Wi-FI network through using a password protected Service Set Identifier (SSID). Fourth, install the payment software program on a computer that is not accessed and shared by employees. Fifth, be sure to make yourself and your employees regularly change their passwords every three months. If possible, the FCC recommends that owners and executives use multi-factor authentication for sensitive financial information.*

*SOURCE: Jared Jaureguy

At Corporate Technologies Group, we make sure your data is protected inside and out. With proper Information Security procedures, your company’s valuable information can be protected inside and out. Download our Network Security Checklist to see how ready your network is.

Download the checklist