This article was updated on July 20, 2018.
Data security begins with the employee. Unfortunately, many employees don't understand their role in helping to protect their own information, let alone that of the organization. You can take steps to change that by educating your employees about the numerous potential threats they face each day and the measures put in place to prevent data breaches.
Here are four methods to enhance data security through your employees.
Every employee who has access to the network should understand the importance of protecting their network credentials and that sharing a user name or password with anyone, including co-workers or family members, can weaken network security. A recent survey of over 1,000 consumers by LastPass showed that 95 percent of Americans share between one and six passwords with friends or family members, so it's vital to make sure your employees understand that data security precludes them from repeating that mistake with your corporate network.
Employees should be required to change their passwords on a regular basis, and they should be educated about how to create a strong password. The most reliable passwords contain at least eight characters; do not contain a complete word, the user's username, real name or organization; contain various letters, numbers and symbols; and are significantly different from former passwords. Almost three-quarters (73 percent) of consumers use the same password across multiple accounts, according to research from Telesign — and that practice opens them up to the "domino effect," which means if one account is hacked, all accounts with the same password can be breached.
By adding a secondary, randomly generated passcode that employees must retrieve from an authentication app on an alternate device (e.g., a smartphone or tablet), employers can ensure that only those who pass both levels of security will be able to gain access to network systems. While 56 percent of people are unfamiliar with two-factor authentication, 68 percent want an extra layer of security, beyond simply a password, according to the Telesign study.
Your organization's network should be divided into sections (such as HR, marketing and finance), and unique network credentials should be required to enter each section. Employees should be clearly informed that the setup is intended to protect them and the organization and is not a sign of mistrust.
Policies and Procedures
Every organization should have specific policies and procedures that address how to handle private information (belonging to employees or to the organization) and how to handle any potential leaks. Those policies should first be disseminated in person to each employee, and then documentation should be visible and easily accessible to every employee via the enterprise intranet.