Are your employees equipped to use the Internet and email securely?

How certain are you that your employees understand the risks posed by their use of the Internet? And do you trust that your employees know how to minimise risks – and what to do when they discover a threat?

We all rely on the Internet and email for marketing, communications and essential business operations – but how often do we step back and assess the risks?

Evolving risks

Hackers and fraudsters are constantly looking for vulnerabilities. Businesses are regularly assailed by financially motivated agents, as well as state-funded hackers in search of intellectual property and the disruption of commercial activity.

The threat from within

In recent years, organisations have discovered that digital security and processes are not enough to prevent hacks, malware and data loss, because even the most robust systems can be swiftly neutered by an untrained (or disgruntled) employee. This has brought a renewed focus on employee training and the need to defend against internal threats. So, what can your organisation do to help employees use the Internet and email securely?

Assess your technology risks

Before you consider what kind of training your employees require, you must evaluate the potential threats to your business. For example, you might have a database of customer data, precious intellectual property or product designs, vital systems, online resources or costly digital infrastructure. Does your business have any compliance requirements? Are these being met – and protected? Once you have identified the threats, you can devise a strategy for mitigating and managing risks.

Security policy

Does your organisation have an up-to-date security policy? It’s important that your employees read the policy and understand everything it covers, such as:

  • Safe IT usage
  • Acceptable software
  • BYOD – can employees use their own devices?
  • Data protection and sharing
  • Removable media – can employees use USB drives and other media?
  • Password practices
  • Dealing with suspicious emails and content
  • Keeping backups
  • Digital vigilance and reporting

Training is clearly a core component of modern digital security. Your employees represent a significant risk – whether intentional or accidental – and regular training is the best way to ensure that every individual recognises the threats and their role in preventing a security breach. Training should be mandatory and regularly refreshed to cope with the changing nature of digital security. Employee training programmes should form the core of a comprehensive security setup.

How are you managing your GDPR compliance requirements?

GDPR placed a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented, and Data Protection Impact Assessments (DPIAs) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of euros.

James

VinciWorks CEO, VinciWorks