4 Steps for Ensuring Cyber Security for Small Business

It doesn’t seem that long ago when working off-site or at home required loading information onto a floppy drive and transporting work projects from one computer to another.

Fast forward to today and most businesses operate in the cloud and VPN networks.  Employees have become accustomed to the freedom of virtual work and enjoy the ease of firing up the laptop or smartphone to conduct business.  This new phenomenon makes work seamless and provides organizations with the advantage of accomplishing tasks even while employees are away from the office.

However, a recent survey by CoalFire suggests that 47% of employees do not use a password on smartphones or mobile devices that access sensitive company computer files.  The survey also reports that 84% of employees surveyed say they use the same device for work and personal use, and that 50% of the companies these employees represent don’t have a policy in place for mobile device usage.

The findings of this survey are alarming:

  • 84% of employees use the same devices for work and personal use.
  • 47% state that they don’t use passcodes on their cell phones.
  • 36% report that they reuse the same password.
  • 51% reported that their company did not have the capability of wiping out data from devices that were lost or stolen.
  • 24% reported using a password management system.
  • 60% are writing passwords on paper, 11% save passwords on an encrypted document on computer and 7% report having passwords saved on a document on their desktop.
  • 49% of IT departments do no communication or training on cyber security.

These statistics are alarming and every business owner should pay attention to the potential risk for a security breach of sensitive company data.

4 Ways to Protect Your Organization

1. Write Cyber Security Policy

The first step is determining what is and what isn’t appropriate for your particular organization.  Gather key leadership and your IT representative and write policies and procedures that protect your organization. This policy should include when it is appropriate to use personal mobile devices, password protection and steps that need to be taken in the event of a lost or stolen device.

2.  Train Employees on Cyber Security

Spend some time training employees about the unique risks of cyber security concerns for mobile devices and the employee’s responsibility for  helping the organization protect itself. This training should also include new policies as well as best practices for password creation and practical ways to store password information.

3.  Conduct an Audit of Mobile Devices

Conduct an audit for what personal devices employees are using to conduct business and review password protection practices.  Keep records of devices that are in use and require employees to update information when new devices are used.

4.  Hold Employees Accountable

Incorporate data security practices into a performance management process to enable the organization to influence positive cyber security practices.

Most employees have a vested interest in the organization they work for and care about its success.  Taking the time to plan and educate employees on cyber security issues can allow your organization to partner with employees in safeguarding critical business data.