Business IQ

How to empower staff and protect data security

Mike Doman
Technology Journalist

Mike Doman is a technology, lifestyle, industrial and education writer

Your cyber security is only as strong as its weakest link and that weak link is often the human element – even if your staff have the best of intentions. That’s why it is critical to invest in staff awareness so they know what to do to prevent your organisation being breached.

Cyber security is everyone's responsibility in the modern business, so it's important to build cyber awareness in staff so they can play their part in minimising this business risk. Most businesses are connected to the internet and use email to keep their businesses running. However, it is this interconnectedness that also means that cyber-crime can now happen at a pace, scale and reach that is unprecedented. So it is important to make sure your staff are cyber aware and play their part in protecting your valuable information at all times.

"Information is power" – it's an age-old saying which seems more relevant than ever in the internet age. Your data is one of your most valuable assets, not just the business' own sensitive data but also customers' data. Unfortunately many businesses are rather lax when it comes to keeping this valuable asset safe, even though a serious data breach could bring the business to its knees.

Cyber security is not just the responsibility of your IT department – it is a business risk and every staff member has a role to play.

Lock it down

Empowering employees to protect business data starts with establishing effective cyber awareness programs and having accessible, plain English cyber security policies. This includes having policies around password-protecting computers and handheld devices which contain, or can access, business data as well as policies around staff using their own devices at work.

Cyber security policies guide staff behaviour and should cover effective password management, such as a minimum length and complexity as well as a ban on using the same password for different services. Two-factor authentication should also be enabled where available, to offer an extra line of defence for business systems and online services. Businesses may want to also consider having good processes around reviewing who has access to what information (both staff and external suppliers) and making sure that staff who no longer need access have it removed. This is really important cyber security housekeeping that is sadly overlooked by most businesses. It would be like not collecting the keys from the previous 10 tenants that leased your rental property. You wouldn’t do that, so why is cyber security any different?

It's important to tighten up security across the board, not just on a few key systems. Supply chains are critical when working out who has access to your valuable information and how they might be looking after it. It is important that your suppliers protect your valuable information - several well-known breaches have been through supply chain vulnerabilities.

Enable encryption

An email is like a postcard - it can be intercepted and read in transit. Don’t assume there is inherent security in email. A growing number of websites use HTTPS encryption to stop third parties eavesdropping on your online activities. Staff should always look for the padlock symbol when using services like online banking and webmail.

Your web browser or security software will often warn you if a website looks suspicious, checking for an invalid security certificate or malware embedded in the page. It's easy for staff to develop warning fatigue and simply click OK to every pop-up notification, so it's important to train them to remain vigilant and ask for assistance when in doubt.

Staff should also enable the extra protection of a Virtual Private Network when working away from the office, to protect their online activities from prying eyes. It's an important security precaution when using public Wi-Fi and Ethernet networks in locations like cafes, airport lounges and hotel rooms.

Think twice before clicking

A healthy sense of paranoia is one of your best lines of defence when it comes to cyber security. Most businesses rely on email as a key business tool so clicking on links is necessary. But some links come with far more than just a business opportunity.

Cyber criminals looking to steal your valuable information will use phishing emails as a way of gaining access to your company and your valuable data. Rather than promising something too good to be true, like winning the lottery, most phishing emails pretend to be something too boring to be fake – such as an overdue utility bill or notification of a missed parcel delivery. But always look carefully at the email - were you expecting a bill? Were you expecting a delivery? Why would the police be emailing an “infringement notice” to your work email?

All staff need to think twice before clicking on links in emails or opening attachments, as these can infect a computer with malicious software designed to steal passwords or perhaps encrypt the computer's hard drive and hold your data to ransom. 

Businesses are also vulnerable to targeted "socially engineered" emails, which are tailored to trick specific people in your organisation and can even appear to come from other staff members or people you know. They all have the same intention: getting the recipient to click on the link or do something that will allow the attacker to gain a foothold in your organisation.

These socially engineered emails can be harder to detect but the same rules apply – staff should always approach links and attachments with caution and not be afraid to query unusual requests. If you are not sure about the content of an email, ring the person or organisation purporting to send it on their published phone number and check with them.

Building cyber aware staff is key - cyber security is just as much a human issue as it is a technical issue so having staff who are aware of the risks and how to manage them can make all the difference in this interconnected world.
