How to Teach Your Staff About Data Security
I’ve just been talking to a business owner and we put them up to the “Let Us Hack You” challenge. Yes, it is exactly what it sounds like. We’re the good guys and we jump in and try to hack your systems like the baddies could and see if we can get in. Okay, much to their dismay we got in, and they were not impressed.
Staff Need to Be Educated
People don’t like thinking that they’ve got something that’s secure that’s not. People don’t like thinking they’ve got an inferior product. But what it comes down to most of the time is your staff. We need to talk about how to get your staff involved in data security and how businesses can get staff to take data security seriously. I’m going to be cruising through some training tips to make sure they’re doing the best by your business and hopefully the best by themselves personally.
Let us hack you before the bad guys do. Sign up for a free assessment.
Don’t Believe Everything You Hear
Whatever someone’s trying to sell you, there might be some other ulterior motive that you’re not seeing. A great example would be Facebook. You’re getting this fantastic ability to connect with your friends, but they’re also selling off your information and ultimately you are the product that they’re selling. Nothing is what it seems.
You need to make sure that you’re aware of that. When someone calls you up from Westpac or Commonwealth Bank or National or something like that and they say that there’s been a data security issue, press one to continue if your name is XYZ, then that is potentially fraud. They might be tricking you. And that is something you need to be on your toes about.
Make sure that you’re aware of exactly who you’re talking to. There are so many programmes and applications out there, such as Lyrebird and a bunch of others, that allow your voice, your voiceprint, to be taken and then used to log into bank accounts, change people’s mortgages and do all sorts of crazy stuff they shouldn’t have access to do. You need to be on your toes.
How do you go about fixing that problem? The best thing would be to make sure that your security questions aren’t ones that anyone would ordinarily ask you. If someone said, “What are your favourite coloured socks?” you’d be like, “That’s a weird question.” Compare that with “What’s your mother’s maiden name?” Come on, guys.
Make Security Questions Hard
Be a bit more diligent with security questions. If you’re going to be listening to someone on the other end of the phone, make sure they can tell you as many details about you as possible. Be diligent. Think about what their ulterior motives are.
Don’t have stupid security questions. Make sure the questions you’ve got are secure, and that if anyone asked you one of them, your ears would prick up and you’d think, “What is that? Why would they ask me that? Why would they ask what my favourite coloured socks are? Such a weird question.” And you think the answer would be white because most of them are white or black or whatever. So you need to make sure that you’re on top of that.
Watch Out for the Free Stuff
Free things are not always free. There’s always some catch. That can be that your email address is being harvested and sent off to someone else. Don’t CC or send to a bunch of email addresses in one message, because if any one of those gets hit you’re up shit creek: your email address goes on to someone else’s mailing list, which then means they’re getting paid a pumpteenth of nothing to have your email address spammed and sold off.
Make sure that you’re not sending lots and lots of people the same emails. Send them all separately, or make sure to BCC (blind carbon copy) them instead. That’s a simple one that so many people don’t do. It surprises me how many emails get hacked because people are not doing that.
Spam Filter Is a Must
Remember that invoice you received from that company you’ve never heard of that you opened up, you double-clicked on and then you got a virus? Why did that ever happen? You should always make sure you have edge protection. Make sure that you have your emails going through a spam filter. Check out What Is Spam and How to Avoid It.
After that, some emails might still get through. Data security isn’t a matter of you are secure or you’re not secure. It’s very, very variable. You’re more secure or you’re less secure. If there’s a new virus that has come out, no one’s combated it. That goes for computers, that goes for people. It just goes for anything really.
If there’s a new virus that’s come out, there’s not going to be antibiotics to get over that. So you need to make sure that you are combating as best as you can and make sure that your computers are vaccinated as best as they can be. That doesn’t mean that nothing will get through, but at least if you get sent that random invoice from that company you’ve never heard of, you won’t receive it so you can’t open it.
Don’t Open Unverified Invoices
That goes for companies you have heard of as well. If you have heard of the company, still probably don’t open it. If they don’t normally send an email to you with an invoice attached, or if they’ve written something that doesn’t sound like they would have normally written, such as, “Hello, invoice attached, urgency, emergency,” which happened to one of our clients yesterday, make sure that you’re aware of what is meant to be sent to you. Don’t click on things you’re not meant to click on. Don’t look at stuff at work that you shouldn’t be seeing.
Test Your Staff
Now, you might be thinking, “Crap, man, we’ve got so many staff. How’s this ever going to happen? We’re going to have to train everyone up and everyone might click on things they shouldn’t.”
The great news is there are a few different products that you can use that will actually test your employees. The one that we use is KnowBe4. What it does is it allows certain emails to be sent to your staff that look legitimate to see if they click on them so you can test hundreds of people at once and then change around your security policies within your business accordingly.
The last thing you want is the meat sitting in the seat to cause a vulnerability in your business. Let’s be honest, that is where the vulnerability sits 80% of the time.
As much as we’d love to think it’s the code monkeys and code jockeys that are sitting there doing their thing and just making it really, really poorly, most of the time it comes down to the people in the seat that are giving away information they’re not meant to be giving away. That could be your customer’s information, your personal information, any sort of IP, etc.
KnowBe4 is a fantastic tool to be able to test them and their email etiquette. As I already said earlier, another tool that we find absolutely invaluable is the ability to make sure that all of your inbound emails and outbound emails are filtered in a way that lets you know that there’s no garbage or virus attached to them.
The Final Word
As I said, it’s not Boolean and it’s not yes or no, it’s not black and white security. It is you’re more secure or less secure. Ultimately anyone that wants to get in somewhere will work out a way to get into it and that’s what it comes down to. My beautiful partner Sarah, I can comfortably say there was no way that I was ever going to get with her, but persistence broke down her walls and security is exactly the same. And that’s how you can all end up with really beautiful networks. So, make sure you’re persistent with your staff, make sure you’re on top of any of their hygiene around security, data privacy and generally the way they deal with breaches. You don’t want them to be taking data security anything less than 100% seriously. I hope you’ve enjoyed this, and if you have, jump across to iTunes and leave me some love. Stay good.