Small Businesses: Your Employees are Key to Effective Cybersecurity

By Elvis Huff on January 15, 2019
7 minute read

If you’re a small business owner, securing your business against cyberattacks may not be on your radar yet. But defending against them is crucial, and that starts with your employees.

Employees are the key

Small businesses usually stay very busy just taking care of what’s in front of them – doing, collaborating, creating, selling, meeting, printing, etc.  Employees often wear many hats and perform multiple job functions, some of which are not their particular areas of specialty or expertise; they just get lots of things done because that’s what’s needed.

Employees are your first line of defense. Did the receptionist just let someone pretending to be a computer repair person from your tech support company, on his or her computer to perform preventative maintenance? Maybe this person just installed a keylogger that will record every keystroke entered on the keyboard. That means whenever your receptionist accesses a bank account to check balances and pay bills, that username and password is sent to the cybercriminal.

Even easier for a cybercriminal is to spoof, or imitate, an email from the owner of the business.  Posing as the owner, the criminal might ask an accounts payable employee to email the bank account number, saying they forgot it.

If your employees aren’t aware of these risks, they might not hesitate to send sensitive info or let someone else on their computer without checking first.  So, what should the employees have done in both situations? Called the tech support company and the business owner to verify.

The first step

Whether you have one or twenty employees, talk to all of them about cybersecurity. You do not have to buy anything. You can simply search for recent trends and articles and relate those to your business. Take 5 minutes at the next project or job meeting and remind employees that they really are crucial to defending the business against cyberattacks. Remember, knowledge is power, and the more empowered your employees feel, the more productive they are going to be in saving the business money by defending against cyberattacks.

Need help getting started?

Here are 5 talking points you can use right now:

  1. Suspicious emails – These usually start with a simple request, to the effect of “Hey, can you help me?” These emails look legitimate and seem innocent, but they could be start of a cyberattack. If in doubt, call someone to confirm. Tell employees not to reply immediately to emails that could be suspect.
  2. Read more than the name in the ‘from’ line – Teach employees to look at the return email address. Often, cyber criminals will simply create an online email account and insert the name of the business owner. If employees check the return email address, they will catch this sneaky attack.
  3. Telephone – Employees should not call a number that’s listed in a suspicious email. The phone number could easily be part of the hoax.
  4. Physical security – Cyber security and physical security are related. In the example above, the receptionist let someone use a company computer. Teach employees to guard physical access to their computers too. This can still be a threat.
  5. Train, don’t scare – Remember to train employees without scaring them. Instead of using fear as a motivator, try positive encouragement, and continue adding tidbits of information every so often. This kind of culture will go a long way toward helping your employees start paying attention to the little things.

Have another thought, tip or suggestion? Leave it in the comments below. I would love to hear from you!

Posted by Elvis Huff

Elvis Huff worked as an officer and network administrator for 12 years with the Lebanon Police Department and has also served as an adjunct professor in information systems at Cumberland University. Read More »

Leave a reply

Your email address will not be published.