Your first line of defence for your SME business in the cyber security area should be your staff. Most SMEs do not consider their staff important in the protection of the business. They can be vital. With the right training they can be your front line defence. You still need the four pillars of your cyber security framework, but your staff can ensure that they actually work.
What am I talking about? Most businesses employ staff that are uneducated, innocent and ill informed. Most of the time they are not stupid. They just have never had someone sit down and explain to them how dangerous the Internet really is. They need to be taught how to be observant.
So here are a couple of ideas that could help them to become more aware of the cyber criminals on the Internet.
Passwords are critical to most things that are done on the Internet. A password of 1234, password or qwerty is stupid. It is stupid because these are the first combinations that a cyber criminal will try when attempting to access your information.
A password has to meet the following points:
- It has to be complicated – it should contain letters, capitals, numbers and symbols. If possible it should contain a space.
- It has to be longer than 8 characters
- It has to be unique
- And it should be changed regularly
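The four points above, written as a check that could run when a staff member picks a new password. This is an added example, not code from the original post; the function names, the 90-day interval and the reading of "unique" as "not one of this person's earlier passwords" are assumptions.

```python
import hashlib, hmac, os, string
from datetime import date, timedelta

# Weak choices named in the article; a real deployment would use a much larger denylist.
COMMON = {"1234", "password", "qwerty"}
MAX_AGE = timedelta(days=90)  # assumption: the article says "regularly" but gives no interval


def fingerprint(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so earlier passwords are never stored in clear text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def check_password(password, history=(), last_changed=None, today=None):
    """Return a list of problems; an empty list means all four points are met.

    history is a sequence of (salt, fingerprint) pairs for passwords used before.
    """
    problems = []
    if password.lower() in COMMON:
        problems.append("common password")
    if len(password) <= 8:
        problems.append("not longer than 8 characters")
    classes = {
        "lowercase letter": any(c.islower() for c in password),
        "capital letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol or space": any(c in string.punctuation or c == " " for c in password),
    }
    problems += [f"missing {name}" for name, present in classes.items() if not present]
    for salt, old in history:
        # Constant-time comparison of the candidate against each stored fingerprint.
        if hmac.compare_digest(fingerprint(password, salt), old):
            problems.append("already used before")
            break
    if last_changed and (today or date.today()) - last_changed > MAX_AGE:
        problems.append("due for a change")
    return problems


if __name__ == "__main__":
    salt = os.urandom(16)
    history = [(salt, fingerprint("Blue Kettle 42!", salt))]  # constructed sample
    for candidate in ("qwerty", "Blue Kettle 42!", "Green Teapot 77?"):
        print(repr(candidate), check_password(candidate, history))
```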
We all have social media accounts. I in fact have a social media page on Facebook and LinkedIn as well as a Twitter account. What I can post on Facebook will be different from what I can post on LinkedIn. This is because they are used for different things within a business. Social media for a business can be a great way to level the field against their bigger competitors; it can also be an accident waiting to happen.
Stupid things said on Facebook can damage a business's reputation, can accidentally allow critical information out of the business, or can be used to create a social engineering vector into your business. Social media should be controlled and managed.
That damn Internet
The Internet is probably one of the most dangerous places that we will ever go. That is not being melodramatic, but the stats are in. You have a better chance in a dark alley in the worst part of town than you have if you are unaware on the Internet. When you get mugged on the Internet, most of the time you don’t even know it has happened.
What is this crap in my inbox
Email has been around for decades. It has not changed much in that time. SPAM has made it a restrictive medium because there is no privacy with an email. If you want to keep something secret, do not send it in an email. Use other solutions.
It is also unreliable. Anyone can send an email from you without your knowledge, or you may just get a bounce message for an email you know you never sent.
What does it all mean
The fact that everyone has access to the Internet is a problem for the uneducated, ill informed and innocent. They make mistakes in a medium that is unforgiving, and one small mistake can have you lose everything. That is for them as individuals, but what happens if they do that within a business? Staff members are notorious for using stupid passwords, slipping up on social media, not understanding the Internet and email, and exposing intellectual property, both their own and the business's. How do we stop that from happening?
Get some training
Yep, that’s correct. Train them not to be stupid. Train them to understand what a phishing email is, what a secure password is, how to treat their equipment. From there they become your front line. They are the ones who will see a problem and report it. Better security for them is better security for you.