Educated Employees Reduce Risk October 18 2017 Most employees love the opportunity to work from home or have access to their work remotely. While remote access is a nice convenience, it can compromise your business if employees aren’t educated about the inherent risks of the Internet of Things (IoT). Educating your workforce and providing guidelines on how to mitigate their risk will, in turn, fortify your organization. The first step to secure your organization is to implement an employee training program, said Ryan Weston, the Manager of Security and Connectivity for ACS. It could be as simple as a lunch-and-learn or tip session on cybersecurity once a month or a more formal program with instructional videos, exercises and phishing tests that include progress reports. Training could include information about being mindful of email attachments, opening emails from unfamiliar sources, using different usernames, passwords or passphrases on devices, or changing the default password on IoT devices such as printers. “This is not a one-time deal,” Weston said of training. “Get an education program in place and keep updating your employees, so it’s not an out-of-sight, out-of-mind thing.” Training needs to occur at all levels and to include the latest protection in cybersecurity. Executives and upper-level management often have greater access to network information and often use mobile devices for work purposes, which can make them a bigger target for hackers or malware. As a company, take responsibility for IoT devices even if the employee is using them. Make sure you know where the devices are located and how they are being used, and keep them updated. Another critical element is teaching employees to log off their computer or device when they are not in front of it, whether this is at the office or even at home. You never know who – a babysitter, a neighbor or even a friend – might view confidential information. “You lock your house at night,” Weston said. “Also, lock your computer when you step away.” Ideally, employees should segregate their electronics and have separate computers and devices for personal and work use. This prevents viruses and malware from kids’ games and other personal uses from entering the business’s network. Mobile or remote employees also run the risk of exposing the company’s network by using public wireless connections. Make sure they know the dangers. Cybersecurity continues to evolve, so it’s critical to stay up to date on the latest methods of protecting your business. For example, the National Cyber Security Alliance recommends users have two-factor authentication – i.e., a two-step log-in beyond the traditional username and password. This includes security keys, biometrics such as fingerprints or one-time codes. It’s important to educate and prepare your employees, but you also need to fortify your business in case these protocols are not followed, and the employee puts the company at risk. You’ll create the greatest defense for your company with a layered security approach. A trusted third-party technology provider can help you develop a training program and keep it updated, as well as evaluate your network for potential lapses in security. Next month we’ll discuss the importance of implementing a Business Continuity Plan and how to account for your IoT devices in the plan.