|5 Tips to Help Stop Your Staff From 'Risky' Online Behavior (continued)
|We're not suggesting that your staff is made up of bad people, they just may have no idea how dangerous their online behavior at work really is. And that's the problem: their ignorance could easily be your number one web security threat. Here are five tips you should consider to address the problem:
||Where do you think you're going?
URL filtering can restrict access to legitimate sites that are big distractions (Facebook, for example), but it can also block exposure to unsavory or outright unsafe websites. This can come in handy when a careless user clicks a link they should have left alone. URL filtering can prevent the computer from accessing a site that may be crawling with viruses, or one that could set up your company for legal liability.
||Create strong passwords.
An ignorant user will always fall back on the same password for every login—and the password will be a name, a predictable number sequence like "12345," or even the word "password." So write up a policy for creating strong passwords: they should be 8-15 characters long, with embedded numbers and symbols to stop simple attacks that guess passwords. Remember the best passwords aren't words, they can be patterns instead. And the passwords should change every few months.
||Remind them what a real AV solution looks like.
Fake AV pop-ups still bedevil many small business users. If a person isn't particularly tech-savvy, and if they're distracted, they could easily be fooled by a scary warning that suddenly appears on their computer screen. Make sure employees know what antivirus software your company uses and what it looks like when it updates. Ideally, it will update automatically and not need the user to manually kick off the process. Your staff should know that any prompts to update their security software are likely coming from a phony source.
||Put it in writing.
No company is too small to have a formal, written security policy. Make sure your security policy covers software restrictions (which applications can be installed and which ones are prohibited), password creation guidelines, restrictions around personal use and social media, and guidelines for internal and external communications. It's a good idea to appoint a security policy manager who other employees can consult with if they need help or advice. And, of course, be prepared to enforce your policies.
No matter how security-conscious your employees may be, chances are they're paid to do something besides worry about computers all day. Let them do their jobs and don't make employees the only barrier between your business and a major security breakdown. Use a managed AV solution like Trend Micro™ Worry-Free™ Business Security Services that updates automatically to onsite and remote machines. Most importantly, it will stop employees from uninstalling the software or stopping security scans.