Top 7 Tips for Helping Employees Keep Company Data Safe

Hacking is a growing global menace for businesses of all sizes. High-profile hacking incidents at companies like Target, Home Depot, Sony, JPMorgan, and eBay make headlines since millions of consumers are at risk when their sensitive information is compromised. Thousands of smaller hacking attacks happen away from the media spotlight, but customer data is exposed to the same level of risk.

HR professionals understand the stakes, and most realize that hackers target small to midsized companies as well as large corporations. But as an HR professional, you can play a role in keeping your company’s data safe. It starts with acknowledging that corporate security is only as strong as the weakest link. Employees are frequently the weak link because of lax security practices.

However, you can reduce your company’s vulnerability by teaching new hires and current employees safe cyber security practices. Here are seven essential tips for keeping company data safe:

Make sure employees always use strong passwords. Hackers often gain entry to secure systems through compromised passwords, so consider a strong password the first line of defense. Require the use of upper and lowercase letters, numbers, and symbols. Employees can create stronger passwords that are easy to remember by using symbols or numbers in place of letters— for example, “F00tb@11” instead of “football.”
Require the use of a different password for each site and regular password changes. Many employees use the same password for every secure site they visit, which is extraordinarily dangerous since a compromised username and password combination can lead to multiple breaches before the initial hack is discovered. It’s a good idea to instruct employees to use a strong password for each site they visit and to change it every 30 days to 60 days.
Use passwords or PINs on mobile phones and tablets. In the BYOD (bring your own device) era, it’s important to make sure employees who use their personal devices for business enable a password or PIN on their phones or tablets. Otherwise, sensitive company information could be easily compromised if the device is lost or stolen. Instruct employees to use a PIN or password on every device used for business purposes and to download apps that allow remote data wiping in the event a device goes missing.
Inform employees about phishing scams. Even employees who are relatively tech savvy have fallen for phishing scams, so make sure all employees know to never give out a password or account information via e-mail or phone. Let them know that phishing hackers can build a spoof site that looks virtually identical to a real site, so it’s always safer to type in a URL themselves and log in rather than responding to a link embedded in an e-mail to manage an account issue.
Prohibit employees from leaving devices unattended in the workplace. Data breaches can occur when an unauthorized person takes advantage of an employee’s momentary absence to collect login data and credentials. That’s why it’s essential to make sure employees know not to leave their laptop or desktop unattended without closing down the browser and locking the screen—even if they’ll only be gone for a minute or two.
Consider a password management system for the company. In 2015, the two most popular passwords were “123456” and “password.” Without guidance, employees may also rely on easily hackable passwords like their name, occupation, or favorite team. That’s because it’s hard to remember multiple passwords, particularly since they must change frequently. A good password manager can eliminate this problem, creating a new, ultra-strong password for every site every time the employee visits. All employees have to remember is one master password.
Mandate cyber safety classes. Most employees want to do the right thing—some just don’t know how to keep information safe. Consider implementing a cyber-safety class for new hires and current employees. And after providing the information employees need to keep sensitive data safe, hold them accountable by asking them to sign a form acknowledging that they’ve received training, understand the policies, and will abide by cyber security best practices.

The online crime wave won’t be over any time soon. As more people use more devices and other factors enter into the mix, such as millions of new Internet of Things sensors and connections, the gateways to company databases are multiplying, and IT professionals can’t fight the battle alone.

That’s why it’s important for HR to step up and enlist employees in the fight against hackers. By following these seven tips, you can help employees operate more safely online and keep your company from becoming another cybercrime statistic.

By Bill Carey, vice president of Marketing & Business Development, Siber Systems Inc.